Skip to content

v2.1.0

Choose a tag to compare

@github-actions github-actions released this 08 Jul 09:43

linux-temp-admin v2.1.0

Adds an operation audit log and deprecates the legacy v1 bash tool. Recommended upgrade; no breaking changes.

New: operation audit log

Every privileged operation the tool performs is now recorded as one JSON line in a root-owned, append-only log at /var/log/linux-temp-admin/audit.log (mode 0600):

  • account create / delete (and stale-entry cleanup), and install / uninstall / upgrade
  • each entry records the time (UTC), the operator (the user behind sudo, plus the effective uid), the pid, the action, the target account, the result, and key parameters (host, sudo, auto-revoke, fingerprint, …)
{"time":"2026-07-08T09:35:18Z","pid":1234,"actor":"alice","uid":0,"action":"account.create","target":"xxvcc-a1b2c3","result":"ok","fields":{"host":"203.0.113.5","sudo":"yes","auto":"yes","registered":"yes"}}

Logging is best-effort — a write failure is reported but never blocks or fails the operation itself (so a full disk can't stop you revoking a compromised account). Note: an on-host log can be altered by root; forward it to a remote collector if you need tamper-evidence.

v1 (bash) tool deprecated

temp-admin.sh is no longer maintained. It still runs, but now prints a deprecation notice at startup pointing to the v2 Go tool. Suppress it with LTA_SUPPRESS_DEPRECATION=1. No further features or fixes will land in v1.

Upgrade an existing install

sudo linux-temp-admin upgrade

Verifies the detached ed25519 signature against the embedded release key before installing (fail-closed).

Fresh install

curl -fsSL https://raw.githubusercontent.com/xxvcc/linux-temp-admin/main/scripts/install.sh | sudo sh

Verify manually (optional)

sha256sum -c SHA256SUMS

Full changelog: https://github.com/xxvcc/linux-temp-admin/blob/main/CHANGELOG.md