Merge pull request #144 from seknox/v1.1.2-prep

flyinghermit · web-flow · commit 3844a4127869 · 2020-11-01T13:37:35.000+05:45
v1.1.2 release prep
diff --git a/app/ios/trasa.xcodeproj/project.pbxproj b/app/ios/trasa.xcodeproj/project.pbxproj
@@ -953,7 +953,7 @@
 				CODE_SIGN_ENTITLEMENTS = trasa/trasa.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 37;
+				CURRENT_PROJECT_VERSION = 38;
 				DEVELOPMENT_TEAM = QF253X5LF9;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = trasa/Info.plist;
@@ -982,7 +982,7 @@
 				CODE_SIGN_ENTITLEMENTS = trasa/trasa.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 37;
+				CURRENT_PROJECT_VERSION = 38;
 				DEVELOPMENT_TEAM = QF253X5LF9;
 				INFOPLIST_FILE = trasa/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
diff --git a/build/digital-ocean/etc/trasa/config/config.toml b/build/digital-ocean/etc/trasa/config/config.toml
@@ -1,45 +1,41 @@
-
 [backup]
-  backupdir = "$HOME/trasa/backup"
+  backupdir = "/var/trasa/backup"
 
 [database]
   dbname = "trasadb"
+  dbpass = "trasauser"
+  dbtype = "postgres"
   dbuser = "trasauser"
   port = "5432"
   server = "localhost"
-  sslenabled = false
-
 
 [logging]
-  level = "ERROR"
+  level = "INFO"
 
+[minio]
+  key = "minioadmin"
+  secret = "minioadmin"
+  server = "127.0.0.1:9000"
+  status = false
+  usessl = false
 
 [platform]
-  base = "public"
+  base = "private"
 
-[redis]
-  server = "redis:6379"
+[proxy]
+  dblistenaddr = "127.0.0.1:3333"
+  guacdaddr = "127.0.0.1:4822"
+  guacdenabled = false
+  sshlistenaddr = "127.0.0.1:8022"
 
-[timezone]
-  location = "Asia/Kathmandu"
+[redis]
+  server = "localhost:6379"
 
 [security]
-  insecureSkipVerify=false
-
-
+  insecureskipverify = true
 
 [trasa]
-  cloudServer = "https://u2fproxy.trasa.io"
-  listenAddr = "<TRASA_LISTEN_ADDR>"
-  autoCert  = <AUTO_CERT>
-
-
-[sshproxy]
- listenAddr="0.0.0.0:8022"
-
-[dbproxy]
-  listenAddr="127.0.0.1:8023"
-
-[vault]
-  tsxvault = true
-
+  autocert = <AUTO_CERT>
+  cloudserver = "https://sg.cpxy.trasa.io"
+  listenaddr = "<TRASA_LISTEN_ADDR>"
+  proxydashboard = false
diff --git a/build/digital-ocean/opt/seknox/first_login.sh b/build/digital-ocean/opt/seknox/first_login.sh
@@ -5,7 +5,7 @@ sudo systemctl stop trasa
 echo "Enter TRASA server domain"
 read trasadomain
 
-sudo sed -i -e 's|<TRASA_LISTEN_ADDR>|'$trasadomain'|g' /Users/bhrg3se/seknox/code/trasa/trasa-oss/build/etc/trasa/config/config.toml
+sudo sed -i -e 's|<TRASA_LISTEN_ADDR>|'$trasadomain'|g' /etc/trasa/config/config.toml
 
 
 
@@ -15,10 +15,16 @@ read ans
 
 
 if [ $ans = 'Y' ] || [ $ans = 'y' ]; then
-  sudo sed -i -e 's|<AUTO_CERT>|true|g' /Users/bhrg3se/seknox/code/trasa/trasa-oss/build/etc/trasa/config/config.toml
+  sudo sed -i -e 's|<AUTO_CERT>|true|g' /etc/trasa/config/config.toml
 fi
 
+if [ $ans = 'N' ] || [ $ans = 'n' ]; then
+  sudo sed -i -e 's|<AUTO_CERT>|false|g' /etc/trasa/config/config.toml
+fi
+
+
+
 
 
 cp -f /etc/skel/.bashrc /root/.bashrc
-sudo systemctl start trasa
+sudo systemctl restart trasa
diff --git a/dashboard/package.json b/dashboard/package.json
@@ -1,6 +1,6 @@
 {
   "name": "trasa-dashboard",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "config": {
     "registry": "registry.gitlab.com/seknox/trasa/trasa-dashboard",
     "variant": "onprem"
diff --git a/dashboard/src/pages/System/Settings/FCMConfig.tsx b/dashboard/src/pages/System/Settings/FCMConfig.tsx
@@ -84,7 +84,7 @@ export default function TsxCloudProxyAccess(props: any) {
   const classes = useStyles();
   const [reqStatus, setReqStatus] = useState(false);
 
-  const [data, setData] = useState({ email: '', cpxy: '' });
+  const [data, setData] = useState({ email: '', cpxy: 'https://sg.cpxy.trasa.io' });
   const [APIKey, setAPIKey] = useState('');
 
   function handlechange(e: any) {
diff --git a/server/accessproxy/sshproxy/hostkeycallback.go b/server/accessproxy/sshproxy/hostkeycallback.go
@@ -41,7 +41,7 @@ func HandleHostKeyCallback(creds *models.UpstreamCreds, serviceID, orgID string,
 			//If caKey from trasacore is invalid
 			if caKey == nil {
 				if confirmSkipVerify("Upstream Host provided a certificate which could not be verified. Do you want to skip the verification and save the key?  \n") {
-					logger.Debug(string(k.Marshal()))
+					//logger.Debug(string(k.Marshal()))
 					//TODO verify cert
 					// put orgID
 					err := services.Store.UpdateHostCert(string(ssh.MarshalAuthorizedKey(k)), serviceID, orgID)
diff --git a/server/accessproxy/sshproxy/session.go b/server/accessproxy/sshproxy/session.go
@@ -294,7 +294,7 @@ func getClient(c ssh.ConnMetadata, signers []ssh.Signer) (*ssh.Client, error) {
 	}
 
 	if len(signers) != 0 {
-		logrus.Debug(signers)
+		//logrus.Debug(signers)
 		sess.clientConfig.Auth = append(sess.clientConfig.Auth, ssh.PublicKeys(signers...))
 
 	}
diff --git a/server/api/auth/serviceauth/db.go b/server/api/auth/serviceauth/db.go
@@ -150,7 +150,7 @@ func DBLogin(w http.ResponseWriter, r *http.Request) {
 	}
 
 	utils.TrasaResponse(w, 200, "success", string(reason), "db-login", creds, policy.RecordSession, authlog.SessionID)
-	logrus.Trace("Agent rlogin response returned")
+	logrus.Trace("DB login response returned")
 	return
 
 }
diff --git a/server/api/auth/serviceauth/hHTTPSession.go b/server/api/auth/serviceauth/hHTTPSession.go
@@ -330,7 +330,7 @@ func sessionWriter(sessionID, shots string) {
 					img, err := png.Decode(gopherPNG(counterAndImage[1]))
 					if err != nil {
 						if _, ok := err.(base64.CorruptInputError); ok {
-							logger.Debug("\nbase64 input is corrupt, check service Key")
+							logger.Debug("base64 input is corrupt, check service Key")
 						}
 						logger.Debug(err)
 						//return
@@ -467,7 +467,7 @@ func logoutSequence(sessionID string) {
 			logger.Error(err)
 		}
 	} else {
-		logger.Tracef("Not deleting directory %s as video failed.\n", sessionID)
+		logger.Tracef("Not deleting directory %s as video failed", sessionID)
 	}
 
 	// we delete sessionvalur from sessionStore
@@ -503,7 +503,7 @@ func createVideo(path, sessionID string) error {
 	cmd.Dir = path
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		logger.Errorf("createVideo: %s : cmd.Run() failed with %v || %s\n", sessionID, err, string(output))
+		logger.Errorf("createVideo: %s : cmd.Run() failed with %v || %s", sessionID, err, string(output))
 		return err
 	}
 	//fmt.Printf("combined out:\n%s\n", string(out))
diff --git a/server/api/devices/hMobile.go b/server/api/devices/hMobile.go
@@ -158,7 +158,7 @@ func GiveMeDeviceDetail(orguser, deviceID, totpSec string) {
 		logrus.Error(err)
 		return
 	}
-	logrus.Debug(orguser)
+	//logrus.Debug(orguser)
 	orgUserArray := strings.Split(orguser, ":")
 
 	if len(orgUserArray) != 2 {
diff --git a/server/api/notif/templateblobs.go b/server/api/notif/templateblobs.go
@@ -3867,7 +3867,7 @@ We received password reset request from your account. Click the link below to ch
                         
                         <td class="mcnTextContent" style="padding-top:0; padding-right:18px; padding-bottom:9px; padding-left:18px;" valign="top">
                         
-                            <em>Copyright © 2018 - seknox cybersecurity, All rights reserved.</em><br>
+                            <em>Copyright © 2020 - Seknox Cybersecurity, All rights reserved.</em><br>
 <br>
 <br>
 <strong>Our mailing address is:</strong><br>
@@ -4816,7 +4816,7 @@ var AdhocReq string = `
                         
                         <td class="mcnTextContent" style="padding-top:0; padding-right:18px; padding-bottom:9px; padding-left:18px;" valign="top">
                         
-                            <em>Copyright © 2018 - seknox cybersecurity, All rights reserved.</em><br>
+                            <em>Copyright © 2020 - Seknox Cybersecurity, All rights reserved.</em><br>
 <br>
 <br>
 <strong>Our mailing address is:</strong><br>
@@ -5766,7 +5766,7 @@ var AdhocStatus string = `
                         
                         <td class="mcnTextContent" style="padding-top:0; padding-right:18px; padding-bottom:9px; padding-left:18px;" valign="top">
                         
-                            <em>Copyright © 2018 - seknox cybersecurity, All rights reserved.</em><br>
+                            <em>Copyright © 2020 - Seknox Cybersecurity, All rights reserved.</em><br>
 <br>
 <br>
 <strong>Our mailing address is:</strong><br>
@@ -6701,7 +6701,7 @@ var DynamicAccess string = `
                         
                         <td class="mcnTextContent" style="padding-top:0; padding-right:18px; padding-bottom:9px; padding-left:18px;" valign="top">
                         
-                            <em>Copyright © 2018 - seknox cybersecurity, All rights reserved.</em><br>
+                            <em>Copyright © 2020 - Seknox Cybersecurity, All rights reserved.</em><br>
 <br>
 <br>
 <strong>Our mailing address is:</strong><br>
@@ -7641,7 +7641,7 @@ h4{
 
 <td class="mcnTextContent" style="padding-top:0; padding-right:18px; padding-bottom:9px; padding-left:18px;" valign="top">
 
-<em>Copyright © 2018 - seknox cybersecurity, All rights reserved.</em><br>
+<em>Copyright © 2020 - Seknox Cybersecurity, All rights reserved.</em><br>
 <br>
 <br>
 <strong>Our mailing address is:</strong><br>
@@ -7686,7 +7686,7 @@ secure@seknox.com<br>
 
 <td class="mcnTextContent" style="padding-top:0; padding-right:18px; padding-bottom:9px; padding-left:18px;" valign="top">
 
-<em>Copyright © 2018 - seknox cybersecurity, All rights reserved.</em><br>
+<em>Copyright © 2020 - Seknox Cybersecurity, All rights reserved.</em><br>
 <br>
 <br>
 <strong>Our mailing address is:</strong><br>
diff --git a/server/api/providers/vault/tsxvault/storetsxvault.go b/server/api/providers/vault/tsxvault/storetsxvault.go
@@ -265,15 +265,13 @@ func (s vaultStore) TsxVaultTester() error {
 	secret.AddedAt = time.Now().Unix()
 	secret.LastUpdated = time.Now().Unix()
 
-	logger.Debug(fmt.Sprintf("the plain text is: %s", string(secret.Secret)))
 	// encrypt the secret.
 	ct, err := utils.AESEncrypt(s.TsxvKey.Key[:], secret.Secret)
 	if err != nil {
 		logger.Error(err)
 		return fmt.Errorf("failed to pass encryption test")
 	}
 
-	logger.Debug(fmt.Sprintf("the cipher text is: %s", string(ct)))
 	secret.Secret = ct
 
 	// store it in database
diff --git a/server/api/services/creds.go b/server/api/services/creds.go
@@ -76,7 +76,7 @@ func GetUpstreamCreds(user, serviceID, serviceType, orgID string) (*models.Upstr
 	//logrus.Debug(orgID, serviceID, "password", user)
 	pass, err := tsxvault.Store.GetSecret(orgID, serviceID, "password", user)
 	if err != nil {
-		logrus.Error(err)
+		logrus.Debug(err)
 		resp.Password = ""
 	} else {
 		resp.Password = pass
diff --git a/server/api/services/hCreds.go b/server/api/services/hCreds.go
@@ -95,7 +95,7 @@ func ViewCreds(w http.ResponseWriter, r *http.Request) {
 
 	service, err := Store.GetFromID(req.ServiceID)
 	if err != nil {
-		logrus.Error(err, "invalid service ID in view creds")
+		//logrus.Error(err, "invalid service ID in view creds")
 		logrus.Error(err)
 		utils.TrasaResponse(w, 200, "failed", "Invalid service", "failed to view password")
 		return
diff --git a/server/cert.go b/server/cert.go
@@ -102,7 +102,7 @@ func generateCerts(certPath string, keyPath string, host string) error {
 	}
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
-	logrus.Info("written cert.pem")
+	logrus.Info("written tras-server.crt")
 
 	keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
@@ -111,7 +111,7 @@ func generateCerts(certPath string, keyPath string, host string) error {
 	}
 	pem.Encode(keyOut, pemBlockForKey(priv))
 	keyOut.Close()
-	logrus.Info("written key.pem")
+	logrus.Info("written trasa-server.key")
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "trasa-dashboard",`
`3`		`- "version": "1.1.1",`
	`3`	`+ "version": "1.1.2",`
`4`	`4`	`"config": {`
`5`	`5`	`"registry": "registry.gitlab.com/seknox/trasa/trasa-dashboard",`
`6`	`6`	`"variant": "onprem"`
Original file line number	Diff line number	Diff line change
`@@ -294,7 +294,7 @@ func getClient(c ssh.ConnMetadata, signers []ssh.Signer) (*ssh.Client, error) {`
`294`	`294`	`}`
`295`	`295`
`296`	`296`	`if len(signers) != 0 {`
`297`		`- logrus.Debug(signers)`
	`297`	`+ //logrus.Debug(signers)`
`298`	`298`	`sess.clientConfig.Auth = append(sess.clientConfig.Auth, ssh.PublicKeys(signers...))`
`299`	`299`
`300`	`300`	`}`
Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ func DBLogin(w http.ResponseWriter, r *http.Request) {`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`utils.TrasaResponse(w, 200, "success", string(reason), "db-login", creds, policy.RecordSession, authlog.SessionID)`
`153`		`- logrus.Trace("Agent rlogin response returned")`
	`153`	`+ logrus.Trace("DB login response returned")`
`154`	`154`	`return`
`155`	`155`
`156`	`156`	`}`
Original file line number	Diff line number	Diff line change
`@@ -330,7 +330,7 @@ func sessionWriter(sessionID, shots string) {`
`330`	`330`	`img, err := png.Decode(gopherPNG(counterAndImage[1]))`
`331`	`331`	`if err != nil {`
`332`	`332`	`if _, ok := err.(base64.CorruptInputError); ok {`
`333`		`- logger.Debug("\nbase64 input is corrupt, check service Key")`
	`333`	`+ logger.Debug("base64 input is corrupt, check service Key")`
`334`	`334`	`}`
`335`	`335`	`logger.Debug(err)`
`336`	`336`	`//return`
`@@ -467,7 +467,7 @@ func logoutSequence(sessionID string) {`
`467`	`467`	`logger.Error(err)`
`468`	`468`	`}`
`469`	`469`	`} else {`
`470`		`- logger.Tracef("Not deleting directory %s as video failed.\n", sessionID)`
	`470`	`+ logger.Tracef("Not deleting directory %s as video failed", sessionID)`
`471`	`471`	`}`
`472`	`472`
`473`	`473`	`// we delete sessionvalur from sessionStore`
`@@ -503,7 +503,7 @@ func createVideo(path, sessionID string) error {`
`503`	`503`	`cmd.Dir = path`
`504`	`504`	`output, err := cmd.CombinedOutput()`
`505`	`505`	`if err != nil {`
`506`		`- logger.Errorf("createVideo: %s : cmd.Run() failed with %v \|\| %s\n", sessionID, err, string(output))`
	`506`	`+ logger.Errorf("createVideo: %s : cmd.Run() failed with %v \|\| %s", sessionID, err, string(output))`
`507`	`507`	`return err`
`508`	`508`	`}`
`509`	`509`	`//fmt.Printf("combined out:\n%s\n", string(out))`
Original file line number	Diff line number	Diff line change
`@@ -158,7 +158,7 @@ func GiveMeDeviceDetail(orguser, deviceID, totpSec string) {`
`158`	`158`	`logrus.Error(err)`
`159`	`159`	`return`
`160`	`160`	`}`
`161`		`- logrus.Debug(orguser)`
	`161`	`+ //logrus.Debug(orguser)`
`162`	`162`	`orgUserArray := strings.Split(orguser, ":")`
`163`	`163`
`164`	`164`	`if len(orgUserArray) != 2 {`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ func generateCerts(certPath string, keyPath string, host string) error {`
`102`	`102`	`}`
`103`	`103`	`pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})`
`104`	`104`	`certOut.Close()`
`105`		`- logrus.Info("written cert.pem")`
	`105`	`+ logrus.Info("written tras-server.crt")`
`106`	`106`
`107`	`107`	`keyOut, err := os.OpenFile(keyPath, os.O_WRONLY\|os.O_CREATE\|os.O_TRUNC, 0600)`
`108`	`108`	`if err != nil {`
`@@ -111,7 +111,7 @@ func generateCerts(certPath string, keyPath string, host string) error {`
`111`	`111`	`}`
`112`	`112`	`pem.Encode(keyOut, pemBlockForKey(priv))`
`113`	`113`	`keyOut.Close()`
`114`		`- logrus.Info("written key.pem")`
	`114`	`+ logrus.Info("written trasa-server.key")`
`115`	`115`	`return nil`
`116`	`116`	`}`
`117`	`117`