github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-19 21:04:06 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Security: separate passwords for databases

Browse source
This commit is contained in:
Serghey Rodin 2018-10-17 17:27:03 +03:00
commit 1557f9bc8c
4 changed files with 30 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

14
install/vst-install-amazon.sh
View file

@ -1008,8 +1008,9 @@ if [ "$mysql" = 'yes' ]; then
fi fi
# Securing MySQL installation # Securing MySQL installation
mysqladmin -u root password $vpass mpass=$(gen_pass)
echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf mysqladmin -u root password $mpass
echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
chmod 600 /root/.my.cnf chmod 600 /root/.my.cnf
mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DELETE FROM mysql.user WHERE User=''"
mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1031,9 +1032,10 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
ppass=$(gen_pass)
if [ $release -eq 5 ]; then if [ $release -eq 5 ]; then
service postgresql start service postgresql start
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
service postgresql stop service postgresql stop
cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
service postgresql start service postgresql start
@ -1041,7 +1043,7 @@ if [ "$postgresql" = 'yes' ]; then
service postgresql initdb service postgresql initdb
cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
service postgresql start service postgresql start
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
fi fi
# Configuring phpPgAdmin # Configuring phpPgAdmin
if [ "$apache" = 'yes' ]; then if [ "$apache" = 'yes' ]; then
@ -1272,13 +1274,13 @@ fi
# Configuring MySQL host # Configuring MySQL host
if [ "$mysql" = 'yes' ]; then if [ "$mysql" = 'yes' ]; then
$VESTA/bin/v-add-database-host mysql localhost root $vpass $VESTA/bin/v-add-database-host mysql localhost root $mpass
$VESTA/bin/v-add-database admin default default $(gen_pass) mysql $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
fi fi
# Configuring PostgreSQL host # Configuring PostgreSQL host
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
$VESTA/bin/v-add-database-host pgsql localhost postgres $vpass $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
$VESTA/bin/v-add-database admin db db $(gen_pass) pgsql $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
fi fi

12
install/vst-install-debian.sh
View file

@ -985,8 +985,9 @@ if [ "$mysql" = 'yes' ]; then
check_result $? "mysql start failed" check_result $? "mysql start failed"
# Securing MySQL installation # Securing MySQL installation
mysqladmin -u root password $vpass mpass=$(gen_pass)
echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf mysqladmin -u root password $mpass
echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
chmod 600 /root/.my.cnf chmod 600 /root/.my.cnf
mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DELETE FROM mysql.user WHERE User=''"
mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1008,9 +1009,10 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
ppass=$(gen_pass)
wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf
service postgresql restart service postgresql restart
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
# Configuring phpPgAdmin # Configuring phpPgAdmin
if [ "$apache" = 'yes' ]; then if [ "$apache" = 'yes' ]; then
@ -1298,13 +1300,13 @@ fi
# Configuring mysql host # Configuring mysql host
if [ "$mysql" = 'yes' ]; then if [ "$mysql" = 'yes' ]; then
$VESTA/bin/v-add-database-host mysql localhost root $vpass $VESTA/bin/v-add-database-host mysql localhost root $mpass
$VESTA/bin/v-add-database admin default default $(gen_pass) mysql $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
fi fi
# Configuring pgsql host # Configuring pgsql host
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
$VESTA/bin/v-add-database-host pgsql localhost postgres $vpass $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
$VESTA/bin/v-add-database admin db db $(gen_pass) pgsql $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
fi fi

14
install/vst-install-rhel.sh
View file

@ -1024,8 +1024,9 @@ if [ "$mysql" = 'yes' ]; then
fi fi
# Securing MySQL installation # Securing MySQL installation
mysqladmin -u root password $vpass mpass=$(gen_pass)
echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf mysqladmin -u root password $mpass
echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
chmod 600 /root/.my.cnf chmod 600 /root/.my.cnf
mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DELETE FROM mysql.user WHERE User=''"
mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1047,9 +1048,10 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
ppass=$(gen_pass)
if [ $release -eq 5 ]; then if [ $release -eq 5 ]; then
service postgresql start service postgresql start
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
service postgresql stop service postgresql stop
cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
service postgresql start service postgresql start
@ -1057,7 +1059,7 @@ if [ "$postgresql" = 'yes' ]; then
service postgresql initdb service postgresql initdb
cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
service postgresql start service postgresql start
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
fi fi
# Configuring phpPgAdmin # Configuring phpPgAdmin
if [ "$apache" = 'yes' ]; then if [ "$apache" = 'yes' ]; then
@ -1289,13 +1291,13 @@ fi
# Configuring MySQL/MariaDB host # Configuring MySQL/MariaDB host
if [ "$mysql" = 'yes' ]; then if [ "$mysql" = 'yes' ]; then
$VESTA/bin/v-add-database-host mysql localhost root $vpass $VESTA/bin/v-add-database-host mysql localhost root $mpass
$VESTA/bin/v-add-database admin default default $(gen_pass) mysql $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
fi fi
# Configuring PostgreSQL host # Configuring PostgreSQL host
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
$VESTA/bin/v-add-database-host pgsql localhost postgres $vpass $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
$VESTA/bin/v-add-database admin db db $(gen_pass) pgsql $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
fi fi

12
install/vst-install-ubuntu.sh
View file

@ -977,8 +977,9 @@ if [ "$mysql" = 'yes' ]; then
check_result $? "mysql start failed" check_result $? "mysql start failed"
# Securing MySQL/MariaDB installation # Securing MySQL/MariaDB installation
mysqladmin -u root password $vpass mpass=$(gen_pass)
echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf mysqladmin -u root password $mpass
echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
chmod 600 /root/.my.cnf chmod 600 /root/.my.cnf
mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DELETE FROM mysql.user WHERE User=''"
mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1000,9 +1001,10 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
ppass=$(gen_pass)
cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
service postgresql restart service postgresql restart
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
# Configuring phpPgAdmin # Configuring phpPgAdmin
if [ "$apache" = 'yes' ]; then if [ "$apache" = 'yes' ]; then
@ -1235,13 +1237,13 @@ fi
# Configuring MySQL/MariaDB host # Configuring MySQL/MariaDB host
if [ "$mysql" = 'yes' ]; then if [ "$mysql" = 'yes' ]; then
$VESTA/bin/v-add-database-host mysql localhost root $vpass $VESTA/bin/v-add-database-host mysql localhost root $mpass
$VESTA/bin/v-add-database admin default default $(gen_pass) mysql $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
fi fi
# Configuring PostgreSQL host # Configuring PostgreSQL host
if [ "$postgresql" = 'yes' ]; then if [ "$postgresql" = 'yes' ]; then
$VESTA/bin/v-add-database-host pgsql localhost postgres $vpass $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
$VESTA/bin/v-add-database admin db db $(gen_pass) pgsql $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
fi fi