Merge branch 'ent-9869-no-desactivar-validate_password-en-nuevas-instalaciones' into 'develop'
9869 adding check for mysql password validation to online installers See merge request artica/pandorafms!6278
This commit is contained in:
commit
77aaba52fc
|
@ -19,10 +19,10 @@ LOGFILE="/tmp/deploy-ext-db-$(date +%F).log"
|
||||||
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
||||||
[ "$DBNAME" ] || DBNAME=pandora
|
[ "$DBNAME" ] || DBNAME=pandora
|
||||||
[ "$DBUSER" ] || DBUSER=pandora
|
[ "$DBUSER" ] || DBUSER=pandora
|
||||||
[ "$DBPASS" ] || DBPASS=pandora
|
[ "$DBPASS" ] || DBPASS='Pandor4!'
|
||||||
[ "$DBPORT" ] || DBPORT=3306
|
[ "$DBPORT" ] || DBPORT=3306
|
||||||
[ "$DBROOTUSER" ] || DBROOTUSER=root
|
[ "$DBROOTUSER" ] || DBROOTUSER=root
|
||||||
[ "$DBROOTPASS" ] || DBROOTPASS=pandora
|
[ "$DBROOTPASS" ] || DBROOTPASS='Pandor4!'
|
||||||
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
||||||
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
||||||
[ "$POOL_SIZE" ] || POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
|
[ "$POOL_SIZE" ] || POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
|
||||||
|
@ -79,6 +79,53 @@ check_root_permissions () {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Function to check if a password meets the MySQL secure password requirements
|
||||||
|
is_mysql_secure_password() {
|
||||||
|
local password=$1
|
||||||
|
|
||||||
|
# Check password length (at least 8 characters)
|
||||||
|
if [[ ${#password} -lt 8 ]]; then
|
||||||
|
echo "Password length should be at least 8 characters."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one uppercase letter
|
||||||
|
if [[ $password == ${password,,} ]]; then
|
||||||
|
echo "Password should contain at least one uppercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one lowercase letter
|
||||||
|
if [[ $password == ${password^^} ]]; then
|
||||||
|
echo "Password should contain at least one lowercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one digit
|
||||||
|
if ! [[ $password =~ [0-9] ]]; then
|
||||||
|
echo "Password should contain at least one digit."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one special character
|
||||||
|
if ! [[ $password =~ [[:punct:]] ]]; then
|
||||||
|
echo "Password should contain at least one special character."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password is not a common pattern (e.g., "password", "123456")
|
||||||
|
local common_patterns=("password" "123456" "qwerty")
|
||||||
|
for pattern in "${common_patterns[@]}"; do
|
||||||
|
if [[ $password == *"$pattern"* ]]; then
|
||||||
|
echo "Password should not contain common patterns."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# If all checks pass, the password is MySQL secure compliant
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
## Main
|
## Main
|
||||||
echo "Starting PandoraFMS External DB deployment EL8 ver. $S_VERSION"
|
echo "Starting PandoraFMS External DB deployment EL8 ver. $S_VERSION"
|
||||||
|
|
||||||
|
@ -128,6 +175,10 @@ execute_cmd "grep --version" 'Checking needed tools: grep'
|
||||||
execute_cmd "sed --version" 'Checking needed tools: sed'
|
execute_cmd "sed --version" 'Checking needed tools: sed'
|
||||||
execute_cmd "dnf --version" 'Checking needed tools: dnf'
|
execute_cmd "dnf --version" 'Checking needed tools: dnf'
|
||||||
|
|
||||||
|
#Check mysql pass
|
||||||
|
execute_cmd "is_mysql_secure_password $DBROOTPASS" "Checking DBROOTPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
execute_cmd "is_mysql_secure_password $DBPASS" "Checking DBPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
|
||||||
# Creating working directory
|
# Creating working directory
|
||||||
rm -rf "$HOME"/pandora_deploy_tmp/*.rpm* &>> "$LOGFILE"
|
rm -rf "$HOME"/pandora_deploy_tmp/*.rpm* &>> "$LOGFILE"
|
||||||
mkdir "$HOME"/pandora_deploy_tmp &>> "$LOGFILE"
|
mkdir "$HOME"/pandora_deploy_tmp &>> "$LOGFILE"
|
||||||
|
@ -207,16 +258,12 @@ if [ "$SKIP_DATABASE_INSTALL" -eq '0' ] ; then
|
||||||
export MYSQL_PWD=$(grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev)
|
export MYSQL_PWD=$(grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev)
|
||||||
if [ "$MYVER" -eq '80' ] ; then
|
if [ "$MYVER" -eq '80' ] ; then
|
||||||
echo """
|
echo """
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = 'Pandor4!';
|
|
||||||
UNINSTALL COMPONENT 'file://component_validate_password';
|
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = '$DBROOTPASS';
|
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = '$DBROOTPASS';
|
||||||
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"
|
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$MYVER" -ne '80' ] ; then
|
if [ "$MYVER" -ne '80' ] ; then
|
||||||
echo """
|
echo """
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('Pandor4!');
|
|
||||||
UNINSTALL PLUGIN validate_password;
|
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('$DBROOTPASS');
|
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('$DBROOTPASS');
|
||||||
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"fi
|
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"fi
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -26,9 +26,9 @@ rm -f $LOGFILE &> /dev/null # remove last log before start
|
||||||
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
||||||
[ "$DBNAME" ] || DBNAME=pandora
|
[ "$DBNAME" ] || DBNAME=pandora
|
||||||
[ "$DBUSER" ] || DBUSER=pandora
|
[ "$DBUSER" ] || DBUSER=pandora
|
||||||
[ "$DBPASS" ] || DBPASS=pandora
|
[ "$DBPASS" ] || DBPASS='Pandor4!'
|
||||||
[ "$DBPORT" ] || DBPORT=3306
|
[ "$DBPORT" ] || DBPORT=3306
|
||||||
[ "$DBROOTPASS" ] || DBROOTPASS=pandora
|
[ "$DBROOTPASS" ] || DBROOTPASS='Pandor4!'
|
||||||
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
||||||
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
||||||
[ "$POOL_SIZE" ] || POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
|
[ "$POOL_SIZE" ] || POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
|
||||||
|
@ -86,6 +86,53 @@ check_root_permissions () {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Function to check if a password meets the MySQL secure password requirements
|
||||||
|
is_mysql_secure_password() {
|
||||||
|
local password=$1
|
||||||
|
|
||||||
|
# Check password length (at least 8 characters)
|
||||||
|
if [[ ${#password} -lt 8 ]]; then
|
||||||
|
echo "Password length should be at least 8 characters."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one uppercase letter
|
||||||
|
if [[ $password == ${password,,} ]]; then
|
||||||
|
echo "Password should contain at least one uppercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one lowercase letter
|
||||||
|
if [[ $password == ${password^^} ]]; then
|
||||||
|
echo "Password should contain at least one lowercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one digit
|
||||||
|
if ! [[ $password =~ [0-9] ]]; then
|
||||||
|
echo "Password should contain at least one digit."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one special character
|
||||||
|
if ! [[ $password =~ [[:punct:]] ]]; then
|
||||||
|
echo "Password should contain at least one special character."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password is not a common pattern (e.g., "password", "123456")
|
||||||
|
local common_patterns=("password" "123456" "qwerty")
|
||||||
|
for pattern in "${common_patterns[@]}"; do
|
||||||
|
if [[ $password == *"$pattern"* ]]; then
|
||||||
|
echo "Password should not contain common patterns."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# If all checks pass, the password is MySQL secure compliant
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
## Main
|
## Main
|
||||||
echo "Starting PandoraFMS External DB deployment Ubuntu 22.04 ver. $S_VERSION"
|
echo "Starting PandoraFMS External DB deployment Ubuntu 22.04 ver. $S_VERSION"
|
||||||
|
|
||||||
|
@ -137,6 +184,10 @@ execute_cmd "grep --version" 'Checking needed tools: grep'
|
||||||
execute_cmd "sed --version" 'Checking needed tools: sed'
|
execute_cmd "sed --version" 'Checking needed tools: sed'
|
||||||
execute_cmd "apt --version" 'Checking needed tools: apt'
|
execute_cmd "apt --version" 'Checking needed tools: apt'
|
||||||
|
|
||||||
|
#Check mysql pass
|
||||||
|
execute_cmd "is_mysql_secure_password $DBROOTPASS" "Checking DBROOTPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
execute_cmd "is_mysql_secure_password $DBPASS" "Checking DBPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
|
||||||
# Creating working directory
|
# Creating working directory
|
||||||
rm -rf "$WORKDIR" &>> "$LOGFILE"
|
rm -rf "$WORKDIR" &>> "$LOGFILE"
|
||||||
mkdir -p "$WORKDIR" &>> "$LOGFILE"
|
mkdir -p "$WORKDIR" &>> "$LOGFILE"
|
||||||
|
@ -170,6 +221,7 @@ if [ "$SKIP_DATABASE_INSTALL" -eq '0' ] ; then
|
||||||
""" | mysql -uroot &>> "$LOGFILE"
|
""" | mysql -uroot &>> "$LOGFILE"
|
||||||
|
|
||||||
export MYSQL_PWD=$DBROOTPASS
|
export MYSQL_PWD=$DBROOTPASS
|
||||||
|
echo "INSTALL COMPONENT 'file://component_validate_password';" | mysql -uroot -P$DBPORT -h$DBHOST &>> "$LOGFILE"
|
||||||
echo -en "${cyan}Creating Pandora FMS database...${reset}"
|
echo -en "${cyan}Creating Pandora FMS database...${reset}"
|
||||||
echo "create database $DBNAME" | mysql -uroot -P$DBPORT -h$DBHOST
|
echo "create database $DBNAME" | mysql -uroot -P$DBPORT -h$DBHOST
|
||||||
check_cmd_status "Error creating database $DBNAME, is this an empty node? if you have a previus installation please contact with support."
|
check_cmd_status "Error creating database $DBNAME, is this an empty node? if you have a previus installation please contact with support."
|
||||||
|
|
|
@ -24,10 +24,10 @@ LOGFILE="/tmp/pandora-deploy-community-$(date +%F).log"
|
||||||
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
||||||
[ "$DBNAME" ] || DBNAME=pandora
|
[ "$DBNAME" ] || DBNAME=pandora
|
||||||
[ "$DBUSER" ] || DBUSER=pandora
|
[ "$DBUSER" ] || DBUSER=pandora
|
||||||
[ "$DBPASS" ] || DBPASS=pandora
|
[ "$DBPASS" ] || DBPASS='Pandor4!'
|
||||||
[ "$DBPORT" ] || DBPORT=3306
|
[ "$DBPORT" ] || DBPORT=3306
|
||||||
[ "$DBROOTUSER" ] || DBROOTUSER=root
|
[ "$DBROOTUSER" ] || DBROOTUSER=root
|
||||||
[ "$DBROOTPASS" ] || DBROOTPASS=pandora
|
[ "$DBROOTPASS" ] || DBROOTPASS='Pandor4!'
|
||||||
[ "$SKIP_PRECHECK" ] || SKIP_PRECHECK=0
|
[ "$SKIP_PRECHECK" ] || SKIP_PRECHECK=0
|
||||||
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
||||||
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
||||||
|
@ -125,6 +125,52 @@ installing_docker () {
|
||||||
echo "End installig docker" &>> "$LOGFILE"
|
echo "End installig docker" &>> "$LOGFILE"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Function to check if a password meets the MySQL secure password requirements
|
||||||
|
is_mysql_secure_password() {
|
||||||
|
local password=$1
|
||||||
|
|
||||||
|
# Check password length (at least 8 characters)
|
||||||
|
if [[ ${#password} -lt 8 ]]; then
|
||||||
|
echo "Password length should be at least 8 characters."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one uppercase letter
|
||||||
|
if [[ $password == ${password,,} ]]; then
|
||||||
|
echo "Password should contain at least one uppercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one lowercase letter
|
||||||
|
if [[ $password == ${password^^} ]]; then
|
||||||
|
echo "Password should contain at least one lowercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one digit
|
||||||
|
if ! [[ $password =~ [0-9] ]]; then
|
||||||
|
echo "Password should contain at least one digit."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one special character
|
||||||
|
if ! [[ $password =~ [[:punct:]] ]]; then
|
||||||
|
echo "Password should contain at least one special character."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password is not a common pattern (e.g., "password", "123456")
|
||||||
|
local common_patterns=("password" "123456" "qwerty")
|
||||||
|
for pattern in "${common_patterns[@]}"; do
|
||||||
|
if [[ $password == *"$pattern"* ]]; then
|
||||||
|
echo "Password should not contain common patterns."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# If all checks pass, the password is MySQL secure compliant
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
## Main
|
## Main
|
||||||
echo "Starting PandoraFMS Community deployment EL8 ver. $S_VERSION"
|
echo "Starting PandoraFMS Community deployment EL8 ver. $S_VERSION"
|
||||||
|
@ -189,6 +235,10 @@ execute_cmd "grep --version" 'Checking needed tools: grep'
|
||||||
execute_cmd "sed --version" 'Checking needed tools: sed'
|
execute_cmd "sed --version" 'Checking needed tools: sed'
|
||||||
execute_cmd "dnf --version" 'Checking needed tools: dnf'
|
execute_cmd "dnf --version" 'Checking needed tools: dnf'
|
||||||
|
|
||||||
|
#Check mysql pass
|
||||||
|
execute_cmd "is_mysql_secure_password $DBROOTPASS" "Checking DBROOTPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
execute_cmd "is_mysql_secure_password $DBPASS" "Checking DBPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
|
||||||
# Creating working directory
|
# Creating working directory
|
||||||
rm -rf "$HOME"/pandora_deploy_tmp/*.rpm* &>> "$LOGFILE"
|
rm -rf "$HOME"/pandora_deploy_tmp/*.rpm* &>> "$LOGFILE"
|
||||||
mkdir "$HOME"/pandora_deploy_tmp &>> "$LOGFILE"
|
mkdir "$HOME"/pandora_deploy_tmp &>> "$LOGFILE"
|
||||||
|
@ -437,7 +487,6 @@ if [ "$SKIP_DATABASE_INSTALL" -eq '0' ] ; then
|
||||||
if [ "$MYVER" -eq '80' ] ; then
|
if [ "$MYVER" -eq '80' ] ; then
|
||||||
echo """
|
echo """
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = 'Pandor4!';
|
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = 'Pandor4!';
|
||||||
UNINSTALL COMPONENT 'file://component_validate_password';
|
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = '$DBROOTPASS';
|
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = '$DBROOTPASS';
|
||||||
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"
|
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"
|
||||||
fi
|
fi
|
||||||
|
@ -445,7 +494,6 @@ if [ "$SKIP_DATABASE_INSTALL" -eq '0' ] ; then
|
||||||
if [ "$MYVER" -ne '80' ] ; then
|
if [ "$MYVER" -ne '80' ] ; then
|
||||||
echo """
|
echo """
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('Pandor4!');
|
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('Pandor4!');
|
||||||
UNINSTALL PLUGIN validate_password;
|
|
||||||
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('$DBROOTPASS');
|
SET PASSWORD FOR '$DBROOTUSER'@'localhost' = PASSWORD('$DBROOTPASS');
|
||||||
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"fi
|
""" | mysql --connect-expired-password -u$DBROOTUSER &>> "$LOGFILE"fi
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -27,9 +27,9 @@ rm -f $LOGFILE &> /dev/null # remove last log before start
|
||||||
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
[ "$DBHOST" ] || DBHOST=127.0.0.1
|
||||||
[ "$DBNAME" ] || DBNAME=pandora
|
[ "$DBNAME" ] || DBNAME=pandora
|
||||||
[ "$DBUSER" ] || DBUSER=pandora
|
[ "$DBUSER" ] || DBUSER=pandora
|
||||||
[ "$DBPASS" ] || DBPASS=pandora
|
[ "$DBPASS" ] || DBPASS='Pandor4!'
|
||||||
[ "$DBPORT" ] || DBPORT=3306
|
[ "$DBPORT" ] || DBPORT=3306
|
||||||
[ "$DBROOTPASS" ] || DBROOTPASS=pandora
|
[ "$DBROOTPASS" ] || DBROOTPASS='Pandor4!'
|
||||||
[ "$SKIP_PRECHECK" ] || SKIP_PRECHECK=0
|
[ "$SKIP_PRECHECK" ] || SKIP_PRECHECK=0
|
||||||
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
[ "$SKIP_DATABASE_INSTALL" ] || SKIP_DATABASE_INSTALL=0
|
||||||
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
[ "$SKIP_KERNEL_OPTIMIZATIONS" ] || SKIP_KERNEL_OPTIMIZATIONS=0
|
||||||
|
@ -113,6 +113,53 @@ check_root_permissions () {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Function to check if a password meets the MySQL secure password requirements
|
||||||
|
is_mysql_secure_password() {
|
||||||
|
local password=$1
|
||||||
|
|
||||||
|
# Check password length (at least 8 characters)
|
||||||
|
if [[ ${#password} -lt 8 ]]; then
|
||||||
|
echo "Password length should be at least 8 characters."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one uppercase letter
|
||||||
|
if [[ $password == ${password,,} ]]; then
|
||||||
|
echo "Password should contain at least one uppercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one lowercase letter
|
||||||
|
if [[ $password == ${password^^} ]]; then
|
||||||
|
echo "Password should contain at least one lowercase letter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one digit
|
||||||
|
if ! [[ $password =~ [0-9] ]]; then
|
||||||
|
echo "Password should contain at least one digit."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password contains at least one special character
|
||||||
|
if ! [[ $password =~ [[:punct:]] ]]; then
|
||||||
|
echo "Password should contain at least one special character."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if password is not a common pattern (e.g., "password", "123456")
|
||||||
|
local common_patterns=("password" "123456" "qwerty")
|
||||||
|
for pattern in "${common_patterns[@]}"; do
|
||||||
|
if [[ $password == *"$pattern"* ]]; then
|
||||||
|
echo "Password should not contain common patterns."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# If all checks pass, the password is MySQL secure compliant
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
installing_docker () {
|
installing_docker () {
|
||||||
#Installing docker for debug
|
#Installing docker for debug
|
||||||
echo "Start installig docker" &>> "$LOGFILE"
|
echo "Start installig docker" &>> "$LOGFILE"
|
||||||
|
@ -194,6 +241,10 @@ execute_cmd "grep --version" 'Checking needed tools: grep'
|
||||||
execute_cmd "sed --version" 'Checking needed tools: sed'
|
execute_cmd "sed --version" 'Checking needed tools: sed'
|
||||||
execute_cmd "apt --version" 'Checking needed tools: apt'
|
execute_cmd "apt --version" 'Checking needed tools: apt'
|
||||||
|
|
||||||
|
#Check mysql pass
|
||||||
|
execute_cmd "is_mysql_secure_password $DBROOTPASS" "Checking DBROOTPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
execute_cmd "is_mysql_secure_password $DBPASS" "Checking DBPASS password match policy" 'This password do not match minimum MySQL policy requirements, more info in: https://dev.mysql.com/doc/refman/8.0/en/validate-password.html'
|
||||||
|
|
||||||
# Creating working directory
|
# Creating working directory
|
||||||
rm -rf "$WORKDIR" &>> "$LOGFILE"
|
rm -rf "$WORKDIR" &>> "$LOGFILE"
|
||||||
mkdir -p "$WORKDIR" &>> "$LOGFILE"
|
mkdir -p "$WORKDIR" &>> "$LOGFILE"
|
||||||
|
@ -286,6 +337,7 @@ server_dependencies=" \
|
||||||
libgeo-ip-perl \
|
libgeo-ip-perl \
|
||||||
arping \
|
arping \
|
||||||
snmp-mibs-downloader \
|
snmp-mibs-downloader \
|
||||||
|
snmptrapd \
|
||||||
libnsl2 \
|
libnsl2 \
|
||||||
openjdk-8-jdk "
|
openjdk-8-jdk "
|
||||||
execute_cmd "apt install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
|
execute_cmd "apt install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
|
||||||
|
@ -402,6 +454,7 @@ if [ "$SKIP_DATABASE_INSTALL" -eq '0' ] ; then
|
||||||
""" | mysql -uroot &>> "$LOGFILE"
|
""" | mysql -uroot &>> "$LOGFILE"
|
||||||
|
|
||||||
export MYSQL_PWD=$DBROOTPASS
|
export MYSQL_PWD=$DBROOTPASS
|
||||||
|
echo "INSTALL COMPONENT 'file://component_validate_password';" | mysql -uroot -P$DBPORT -h$DBHOST &>> "$LOGFILE"
|
||||||
echo -en "${cyan}Creating Pandora FMS database...${reset}"
|
echo -en "${cyan}Creating Pandora FMS database...${reset}"
|
||||||
echo "create database $DBNAME" | mysql -uroot -P$DBPORT -h$DBHOST
|
echo "create database $DBNAME" | mysql -uroot -P$DBPORT -h$DBHOST
|
||||||
check_cmd_status "Error creating database $DBNAME, is this an empty node? if you have a previus installation please contact with support."
|
check_cmd_status "Error creating database $DBNAME, is this an empty node? if you have a previus installation please contact with support."
|
||||||
|
@ -785,6 +838,10 @@ sed --follow-symlinks -i -e "s/^openssl_conf = openssl_init/#openssl_conf = open
|
||||||
# Enable postfix
|
# Enable postfix
|
||||||
systemctl enable postfix --now &>> "$LOGFILE"
|
systemctl enable postfix --now &>> "$LOGFILE"
|
||||||
|
|
||||||
|
# Disable snmptrapd
|
||||||
|
systemctl disable --now snmptrapd &>> "$LOGFILE"
|
||||||
|
systemctl disable --now snmptrapd.socket &>> "$LOGFILE"
|
||||||
|
|
||||||
#SSH banner
|
#SSH banner
|
||||||
[ "$(curl -s ifconfig.me)" ] && ipplublic=$(curl -s ifconfig.me)
|
[ "$(curl -s ifconfig.me)" ] && ipplublic=$(curl -s ifconfig.me)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue