ci: use super-linter (#683)

This commit is contained in:
Stanislas 2020-10-21 13:59:49 +02:00 committed by GitHub
parent 7b7567e7cb
commit bd047c08d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 18 additions and 21 deletions

3
.editorconfig Normal file
View File

@ -0,0 +1,3 @@
[*.sh]
indent_style = tab
indent_size = 4

1
.github/linters/.markdown-lint.yml vendored Normal file
View File

@ -0,0 +1 @@
{ 'MD013': null, 'MD045': null, 'MD040': null, 'MD036': null }

View File

@ -3,20 +3,12 @@ on: [push, pull_request, pull_request_target]
name: Lint
jobs:
shellcheck:
super-linter:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: shellcheck
uses: ludeeus/action-shellcheck@0.5.0
- name: Checkout Code
uses: actions/checkout@v2
- name: Lint Code Base
uses: github/super-linter@v3.13.1
env:
SHELLCHECK_OPTS: -e SC1091,SC2164,SC2034,SC1072,SC1073,SC1009
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: shfmt
uses: bltavares/actions/shfmt@master
env:
SHFMT_ARGS: -d
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

7
FAQ.md
View File

@ -69,7 +69,7 @@ If your client is <2.3.3, remove `tls-version-min 1.2` from your `/etc/openvpn/s
**Q:** IPv6 is not working on my Hetzner VM
**A:** This an issue on their side. See https://angristan.xyz/fix-ipv6-hetzner-cloud/
**A:** This an issue on their side. See <https://angristan.xyz/fix-ipv6-hetzner-cloud/>
---
@ -117,7 +117,7 @@ Sysctl options are at `/etc/sysctl.d/20-openvpn.conf`
**A:** Here is a sample bash script to achieve this:
```sh
```sh
userlist=(user1 user2 user3)
for i in ${userlist[@]};do
@ -137,8 +137,9 @@ done
**A:** You would need to edit the `.ovpn` file. You can edit the template out of which those files are created by editing `/etc/openvpn/client-template.txt` file and adding
```sh
```sh
route-nopull
route 10.0.0.0 255.0.0.0
```
So for example - here it would route all traffic of `10.0.0.0/8` to the vpn. And the rest through the internet.

View File

@ -249,9 +249,8 @@ By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old
> The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode.
>
> Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details.
> Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See https://sweet32.info/ for a much better and more elaborate explanation.
> Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See <https://community.openvpn.net/openvpn/wiki/SWEET32> for details.
> Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See <https://sweet32.info/> for a much better and more elaborate explanation.
>
> OpenVPN's default cipher, BF-CBC, is affected by this attack.

View File

@ -1,4 +1,5 @@
#!/bin/bash
# shellcheck disable=SC1091,SC2164,SC2034,SC1072,SC1073,SC1009
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora and Arch Linux
# https://github.com/angristan/openvpn-install