[dev.icinga.com #4565] create_mysqldb.sh saves db password in globally readable log #1329
Comments
Updated by Tommi on 2013-08-18 18:54:55 +00:00
hopefully fixed in https://git.icinga.org/?p=icinga-core.git;a=commit;h=238b3a48d7dd442a1cae9ce33abd03c8c1a4587d. Pls check it. |
Updated by theh on 2013-08-21 08:01:02 +00:00 Hey, thanks for the quick reply, it does work but there would be still the issue that the icinga db user password would be saved in the script. I would add something like the following to the script so that the password could be changed by the user but is still saved in the log which is only accessible by root thanks to your patch.
|
Updated by theh on 2013-08-26 09:55:42 +00:00
Would this change be Ok? This would also prevent having a default password for icinga db users. |
Updated by mfriedrich on 2013-08-26 11:12:06 +00:00 isn't that the wrong section? |
Updated by Tommi on 2013-08-26 13:32:44 +00:00 I would like to stay with the default password because this is in all of the documentation mentioned. But i can add an additional question for a user supplied password. The "create user" command can be moved out of the logged script part, therefore the password should not appear in the logfile. |
Updated by Tommi on 2013-08-26 13:35:20 +00:00
changed section and priority as it isnt a serious show stopper |
Updated by theh on 2013-08-28 07:37:53 +00:00 What about:
|
Updated by Tommi on 2013-09-02 18:43:31 +00:00 Looks better, but the script should optionally not ask for anything (used by an unattended zero-click installation). |
Updated by theh on 2013-09-03 06:40:27 +00:00 I don't get it, right now it always asks for the root db password. |
Updated by Tommi on 2013-09-03 18:36:56 +00:00
But this works only for the first read. Dont know how to fill in further inputs |
Updated by theh on 2013-09-09 08:32:28 +00:00 Ok, what about this:
|
Updated by theh on 2013-09-09 08:33:35 +00:00 Btw. where else would the password needed to be changed if the default isn't used? |
Updated by Tommi on 2013-09-14 09:19:37 +00:00 added a similar option to create_mysql.sh in changeset cdad5c5. It will allow to supply the passwords as parameter too. pls try it out. changed defaults need to be added to ido2db.cfg (usually located in /etc/icinga), where all database settings are defined. |
Updated by theh on 2013-10-30 09:46:46 +00:00 I have tested your latest changes and they do work fine, thanks. |
Updated by Tommi on 2013-10-30 16:52:36 +00:00
dnsmichi decides which version. Maybe it fits already to the next bugfix release. I'm setting this issue to resolved. |
Updated by mfriedrich on 2013-10-30 16:59:55 +00:00
unmerged commits and their issues must not be resolved. |
Updated by mfriedrich on 2014-01-03 15:16:18 +00:00
|
Updated by Anonymous on 2014-01-03 17:10:09 +00:00
Applied in changeset icinga-core:1c149de98110d60c9822e833168412ad481f60c2. |
Updated by mfriedrich on 2014-12-08 14:38:14 +00:00
|
This issue has been migrated from Redmine: https://dev.icinga.com/issues/4565
Created by theh on 2013-08-15 11:14:17 +00:00
Assignee: Tommi
Status: Resolved (closed on 2014-01-03 17:10:09 +00:00)
Target Version: 1.11
Last Update: 2014-12-08 14:38:14 +00:00 (in Redmine)
If create_mysqldb.sh and probably the other db creation scripts are used to set up the db a log is created which consists the password of the db. This log is stored in the same directory as the script thous it is normally globally readable.
Changesets
2013-09-14 08:59:10 +00:00 by Tommi cdad5c5
2014-01-03 15:15:58 +00:00 by (unknown) 1c149de
The text was updated successfully, but these errors were encountered: