mysql passwords
MySQL now depends less of the saved passwords, so now they can be removed safely for better security.
This commit is contained in:
Cristhian Martínez Ochoa
parent
82a082e111
commit
2c4f686d4e
4 changed files with 21 additions and 21 deletions
|
|
@ -1400,12 +1400,13 @@ cnf_delete() {
|
|||
cnf_write() {
|
||||
#Example: cnf_write error_log /var/log/mysql/error.log
|
||||
cnf_delete $1
|
||||
mysql_default_cnf
|
||||
[[ -n $2 ]] && local value="= $2"
|
||||
echo "$1 $value" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf
|
||||
}
|
||||
cnf_read() {
|
||||
#Example: cnf_read error_log
|
||||
echo $( grep -P "^$1 = " $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf | cut -f 2 -d "=" -s | sed 's/ //g' )
|
||||
[[ -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf ]] && echo $( grep -P "^$1 = " $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf | cut -f 2 -d "=" -s | sed 's/ //g' )
|
||||
}
|
||||
mysql_default_cnf() {
|
||||
# Creates the default Webinoly Configuration File (.cnf) for mysql if not exists.
|
||||
|
|
|
|||
11
lib/install
11
lib/install
|
|
@ -219,7 +219,7 @@ mysql_install() {
|
|||
# debconf-get-selections | grep phpmyadmin <<-- list conf variables
|
||||
|
||||
# Generate mysql user passwords
|
||||
if [[ -z $(conf_read mysql-root) && -z $(conf_read mysql-admin) ]]; then
|
||||
if [[ -z $(conf_read mysql-root) || -z $(conf_read mysql-admin) ]]; then
|
||||
local AUTOGENPASS_ROOT=`pwgen -s -1 16`
|
||||
local AUTOGENPASS_ADMIN=`pwgen -s -1 16`
|
||||
local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt )
|
||||
|
|
@ -471,15 +471,18 @@ php_optim() {
|
|||
# MySQL/MariaDB OPTIM
|
||||
mysql_optim() {
|
||||
api-events_update im5
|
||||
mysql_default_cnf
|
||||
|
||||
# MySQL/MariaDB login data
|
||||
mysql_login_cnf
|
||||
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
|
||||
echo "[client]
|
||||
mysql_login_cnf
|
||||
if [[ -n $(conf_read mysql-admin) ]]; then
|
||||
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
|
||||
echo "[client]
|
||||
user = admin
|
||||
password = $( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
|
||||
host = localhost
|
||||
# ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
|
||||
fi
|
||||
|
||||
# If value is empty we will do nothing, to prevent undesired things (before 1.17.1 these dynvars were not used via command only conf file, now are both).
|
||||
[[ $(conf_read mysql-log-binary) == "true" ]] && sudo log -mysql=binary -enable
|
||||
|
|
|
|||
26
lib/webin
26
lib/webin
|
|
@ -247,7 +247,8 @@ mysql_change_password() {
|
|||
|
||||
sudo mysql --connect-timeout=10 --user=admin -e "ALTER USER '${user}'@'${userhost}' IDENTIFIED BY '${pass}';FLUSH PRIVILEGES;"
|
||||
if [[ $? == 0 ]]; then
|
||||
[[ $user =~ ^(root|admin)$ ]] && conf_write mysql-${user} $( echo $pass | openssl enc -a -salt )
|
||||
# Check if dynvar exist, because user can remove it for security, and it's valid!
|
||||
[[ $user =~ ^(root|admin)$ && -n $(conf_read mysql-${user}) ]] && conf_write mysql-${user} $( echo $pass | openssl enc -a -salt )
|
||||
|
||||
if [[ $user == "admin" ]]; then
|
||||
# MySQL/MariaDB login data
|
||||
|
|
@ -255,7 +256,7 @@ mysql_change_password() {
|
|||
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
|
||||
echo "[client]
|
||||
user = admin
|
||||
password = $( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
|
||||
password = $pass
|
||||
host = localhost
|
||||
# ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
|
||||
echo "${blu}${dim}Internal Webinoly login data updated!${end}"
|
||||
|
|
@ -501,19 +502,14 @@ show_db_data() {
|
|||
fi
|
||||
fi
|
||||
|
||||
if [[ -n $(conf_read mysql-root) || -n $(conf_read mysql-admin) ]]; then
|
||||
local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
|
||||
local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
|
||||
echo ""
|
||||
[[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}"
|
||||
[[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
|
||||
[[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
|
||||
echo ""
|
||||
else
|
||||
echo "${blu}"
|
||||
echo "Localhost credentials not found!"
|
||||
echo "${end}"
|
||||
fi
|
||||
|
||||
[[ -n $(conf_read mysql-root) ]] && local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) || local rpass="Not-Available!"
|
||||
[[ -n $(conf_read mysql-admin) ]] && local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt ) || local apass="Not-Available!"
|
||||
echo ""
|
||||
[[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}"
|
||||
[[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
|
||||
[[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
|
||||
echo ""
|
||||
|
||||
if [[ -n $extu ]]; then
|
||||
echo ""
|
||||
|
|
|
|||
2
usr/log
2
usr/log
|
|
@ -103,7 +103,7 @@ elif [[ -n $ssh ]]; then
|
|||
|
||||
# MySQL Logs
|
||||
elif [[ -n $mysql ]]; then
|
||||
check_for_mysql && mysql_default_cnf
|
||||
check_for_mysql
|
||||
|
||||
# General Log
|
||||
if [[ $mysql == "general" ]]; then
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue