
Central database rot password

Bob Mottram 10 年之前
父節點
當前提交
43e06d64ed
共有 1 個文件被更改,包括 22 次插入8 次删除
  1. 22
    8
      install-freedombone.sh

+ 22
- 8
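--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -295,6 +295,10 @@
 # Used to indicate whether the backup contains MariaDB databases or not
 BACKUP_INCLUDES_DATABASES="no"
 
+# contains the mysql root password which
+# is used for backups and repair
+DATABASE_PASSWORD_FILE=/root/dbpass
+
 # message if something fails to install
 CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
 
@@ -535,7 +539,13 @@
 function get_mariadb_password {
   if [ -f /home/$MY_USERNAME/README ]; then
       if grep -q "MariaDB password" /home/$MY_USERNAME/README; then
-          MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+          if [ -f $DATABASE_PASSWORD_FILE ]; then
+              MARIADB_PASSWORD=$(<$DATABASE_PASSWORD_FILE)
+          else
+              MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+              echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
+              chmod 600 $DATABASE_PASSWORD_FILE
+          fi
       fi
   fi
 }
@@ -612,7 +622,7 @@
   echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
 
   echo '# MariaDB password' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "DATABASE_PASSWORD='$MARIADB_PASSWORD'" >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo "DATABASE_PASSWORD=$(<$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
   if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
       BACKUP_INCLUDES_DATABASES="yes"
@@ -1088,7 +1098,7 @@
   echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
   echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
   echo '# MariaDB password' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "DATABASE_PASSWORD='$MARIADB_PASSWORD'" >> /usr/bin/$RESTORE_SCRIPT_NAME
+  echo "DATABASE_PASSWORD=$(<$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_SCRIPT_NAME
   echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
 
   if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then
@@ -1124,9 +1134,10 @@
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo '  shred -zu /root/tempmariadb/usb/backup/mariadb/tempmariadb/db' >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo '  rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME
-      echo -n '  sed -i "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=' >> /usr/bin/$RESTORE_SCRIPT_NAME
-      echo -n "'$DATABASE_PASSWORD'/g" >> /usr/bin/$RESTORE_SCRIPT_NAME
-      echo '" /usr/bin/backupdatabases' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '  # Change database password file' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "  echo '$DATABASE_PASSWORD' > $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "  chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
   fi
@@ -3981,6 +3992,9 @@
   get_mariadb_password
   if [ ! $MARIADB_PASSWORD ]; then
       MARIADB_PASSWORD=$(openssl rand -base64 32)
+      echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
+      chmod 600 $DATABASE_PASSWORD_FILE
+
       echo '' >> /home/$MY_USERNAME/README
       echo '' >> /home/$MY_USERNAME/README
       echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README
@@ -4010,7 +4024,7 @@
       echo '' >> /usr/bin/backupdatabases
       echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
       echo '' >> /usr/bin/backupdatabases
-      echo "MYSQL_PASSWORD='$MARIADB_PASSWORD'" >> /usr/bin/backupdatabases
+      echo "MYSQL_PASSWORD=$(<$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases
       echo 'umask 0077' >> /usr/bin/backupdatabases
       echo '' >> /usr/bin/backupdatabases
       echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
@@ -4052,7 +4066,7 @@
   echo 'DATABASE=$1' >> /usr/bin/repairdatabase
   echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/repairdatabase
   echo '' >> /usr/bin/repairdatabase
-  echo "MYSQL_ROOT_PASSWORD='$MARIADB_PASSWORD'" >> /usr/bin/repairdatabase
+  echo "MYSQL_ROOT_PASSWORD=$(<$DATABASE_PASSWORD_FILE)" >> /usr/bin/repairdatabase
   echo 'TEMPFILE=/root/repairdatabase_$DATABASE' >> /usr/bin/repairdatabase
   echo '' >> /usr/bin/repairdatabase
   echo 'umask 0077' >> /usr/bin/repairdatabase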
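Review bot: The `$(<$DATABASE_PASSWORD_FILE)` substitutions at new lines 625, 1101, 4027 and 4069 sit inside double quotes, so they expand while the installer runs and each generated script under /usr/bin still embeds the literal root password, now without the single quotes the removed lines had. Escaping the substitution defers the read to run time and keeps the secret only in the mode-600 file, e.g. `echo "MYSQL_PASSWORD=\$(<$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases`, and likewise for the other three. This also matters for restore: new lines 1137-1140 replace the `sed` that rewrote `MYSQL_PASSWORD` in /usr/bin/backupdatabases, so the baked-in copy there would presumably go stale once the restore script changes the password file. Separately, at new lines 546-547 and 3995-3996 the file is created by the redirect before `chmod 600` runs, so it briefly has whatever mode the installer's umask gives; writing it as `(umask 077; echo "$MARIADB_PASSWORD" > "$DATABASE_PASSWORD_FILE")` closes that window.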