Skip to content

Groups sync

Latest
Latest

Choose a tag to compare

View all tags
@guimard guimard released this 07 Feb 22:09
· 151 commits to main since this release
v0.1.1
ea1b3e2

Added

  • Supplementary groups synchronization (#95): LLNG can now manage Unix supplementary
    groups on target servers via the managed_groups configuration
    • Local whitelist for managed groups (allowed_managed_groups): Defense-in-depth
      option to restrict which groups LLNG can modify on each server
  • CrowdSec IP/CIDR whitelist (#96): New crowdsec_whitelist option to bypass
    CrowdSec checks for trusted IPs/networks (VPN exit nodes, corporate NAT)
    • Supports IPv4, IPv6, and CIDR notation
    • Prevents self-inflicted DoS on shared IPs

Fixed

  • TOCTOU race condition in cache_key.c (#97): Use open() with
    O_CREAT|O_EXCL|O_NOFOLLOW instead of fopen() to prevent symlink attacks
  • Check fclose() return value to detect flush errors before rename
Assets 2
Loading