From 1557f9bc8cbdb349a83bce96093b1717b36cf5cd Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 17:27:03 +0300 Subject: [PATCH] Security: separate passwords for databases --- install/vst-install-amazon.sh | 14 ++++++++------ install/vst-install-debian.sh | 12 +++++++----- install/vst-install-rhel.sh | 14 ++++++++------ install/vst-install-ubuntu.sh | 12 +++++++----- 4 files changed, 30 insertions(+), 22 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index 899d4cd89..e419d0199 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -1008,8 +1008,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1031,9 +1032,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start @@ -1041,7 +1043,7 @@ if [ "$postgresql" = 'yes' ]; then service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1272,13 +1274,13 @@ fi # Configuring MySQL host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4b5d293d9..013f31606 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -985,8 +985,9 @@ if [ "$mysql" = 'yes' ]; then check_result $? "mysql start failed" # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1008,9 +1009,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1298,13 +1300,13 @@ fi # Configuring mysql host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring pgsql host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 1ecd22359..4a8634641 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1024,8 +1024,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1047,9 +1048,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start @@ -1057,7 +1059,7 @@ if [ "$postgresql" = 'yes' ]; then service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1289,13 +1291,13 @@ fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index c0655bb24..bfcf89197 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -977,8 +977,9 @@ if [ "$mysql" = 'yes' ]; then check_result $? "mysql start failed" # Securing MySQL/MariaDB installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1000,9 +1001,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1235,13 +1237,13 @@ fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi