ci: use super-linter (#683)

This commit is contained in:
Stanislas 2020-10-21 13:59:49 +02:00 committed by GitHub
parent 7b7567e7cb
commit bd047c08d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 18 additions and 21 deletions

3
.editorconfig Normal file
View File

@ -0,0 +1,3 @@
[*.sh]
indent_style = tab
indent_size = 4

1
.github/linters/.markdown-lint.yml vendored Normal file
View File

@ -0,0 +1 @@
{ 'MD013': null, 'MD045': null, 'MD040': null, 'MD036': null }

View File

@ -3,20 +3,12 @@ on: [push, pull_request, pull_request_target]
name: Lint name: Lint
jobs: jobs:
shellcheck: super-linter:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - name: Checkout Code
- name: shellcheck uses: actions/checkout@v2
uses: ludeeus/action-shellcheck@0.5.0 - name: Lint Code Base
uses: github/super-linter@v3.13.1
env: env:
SHELLCHECK_OPTS: -e SC1091,SC2164,SC2034,SC1072,SC1073,SC1009 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: shfmt
uses: bltavares/actions/shfmt@master
env:
SHFMT_ARGS: -d

9
FAQ.md
View File

@ -69,7 +69,7 @@ If your client is <2.3.3, remove `tls-version-min 1.2` from your `/etc/openvpn/s
**Q:** IPv6 is not working on my Hetzner VM **Q:** IPv6 is not working on my Hetzner VM
**A:** This an issue on their side. See https://angristan.xyz/fix-ipv6-hetzner-cloud/ **A:** This an issue on their side. See <https://angristan.xyz/fix-ipv6-hetzner-cloud/>
--- ---
@ -117,11 +117,11 @@ Sysctl options are at `/etc/sysctl.d/20-openvpn.conf`
**A:** Here is a sample bash script to achieve this: **A:** Here is a sample bash script to achieve this:
```sh ```sh
userlist=(user1 user2 user3) userlist=(user1 user2 user3)
for i in ${userlist[@]};do for i in ${userlist[@]};do
MENU_OPTION=1 CLIENT=$i PASS=1 ./openvpn-install.sh MENU_OPTION=1 CLIENT=$i PASS=1 ./openvpn-install.sh
done done
``` ```
@ -137,8 +137,9 @@ done
**A:** You would need to edit the `.ovpn` file. You can edit the template out of which those files are created by editing `/etc/openvpn/client-template.txt` file and adding **A:** You would need to edit the `.ovpn` file. You can edit the template out of which those files are created by editing `/etc/openvpn/client-template.txt` file and adding
```sh ```sh
route-nopull route-nopull
route 10.0.0.0 255.0.0.0 route 10.0.0.0 255.0.0.0
``` ```
So for example - here it would route all traffic of `10.0.0.0/8` to the vpn. And the rest through the internet. So for example - here it would route all traffic of `10.0.0.0/8` to the vpn. And the rest through the internet.

View File

@ -249,9 +249,8 @@ By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old
> The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. > The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode.
> >
> Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. > Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See <https://community.openvpn.net/openvpn/wiki/SWEET32> for details.
> Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See <https://sweet32.info/> for a much better and more elaborate explanation.
> Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See https://sweet32.info/ for a much better and more elaborate explanation.
> >
> OpenVPN's default cipher, BF-CBC, is affected by this attack. > OpenVPN's default cipher, BF-CBC, is affected by this attack.

View File

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091,SC2164,SC2034,SC1072,SC1073,SC1009
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora and Arch Linux # Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora and Arch Linux
# https://github.com/angristan/openvpn-install # https://github.com/angristan/openvpn-install