academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #324 from parrobe/pwfix

Browse Source 
Set password length to meet VA scan requirements
This commit is contained in:
Rob Parker
2019-05-31 13:11:40 +01:00
committed by GitHub
parent a6f307c6b5 b3fd5f7562
commit ebf55608d7
3 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile-server
View File

@@ -86,7 +86,6 @@ RUN chmod ug+x /usr/local/bin/runmqserver \
&& chmod ug+xs /usr/local/bin/chkmq* \ && chmod ug+xs /usr/local/bin/chkmq* \
&& chown -R mqm:mqm /etc/mqm/* \ && chown -R mqm:mqm /etc/mqm/* \
&& install --directory --mode 0775 --owner mqm --group root /run/runmqserver \ && install --directory --mode 0775 --owner mqm --group root /run/runmqserver \
&& install --directory --mode 0775 --owner mqm --group root /run/tls \
&& touch /run/termination-log \ && touch /run/termination-log \
&& chown mqm:root /run/termination-log \ && chown mqm:root /run/termination-log \
&& chmod 0660 /run/termination-log && chmod 0660 /run/termination-log

2
install-mq.sh
View File

@@ -90,6 +90,8 @@ ln -s /mnt/mqm/data /var/mqm
# Optional: Ensure any passwords expire in a timely manner # Optional: Ensure any passwords expire in a timely manner
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs
sed -i 's/PASS_MIN_LEN\t5/PASS_MIN_LEN\t8/' /etc/login.defs
sed -i 's/# minlen = 9/minlen = 8/' /etc/security/pwquality.conf
$UBUNTU && PAM_FILE=/etc/pam.d/common-password $UBUNTU && PAM_FILE=/etc/pam.d/common-password
$RPM && PAM_FILE=/etc/pam.d/password-auth $RPM && PAM_FILE=/etc/pam.d/password-auth

17
internal/tls/tls.go
View File

@@ -346,6 +346,23 @@ func processTrustCertificates(trustDir string, cmsKeyDB, p12TrustDB *KeyStoreDat
if err != nil { if err != nil {
return fmt.Errorf("Could not add certificates to PKCS#12 Truststore: %v", err) return fmt.Errorf("Could not add certificates to PKCS#12 Truststore: %v", err)
} }
// We need to relabel everything because liberty doesn't play nicely with autolabelled certs
allCerts, err := p12TrustDB.Keystore.ListAllCertificates()
if err != nil || len(allCerts) <= 0 {
return fmt.Errorf("Could not get any certificates from PKCS#12 Truststore: %v", err)
}
for i, cert := range allCerts {
cert = strings.Trim(cert, "\"")
cert = strings.TrimSpace(cert)
newLabel := fmt.Sprintf("Trust%d", i)
err = p12TrustDB.Keystore.RenameCertificate(cert, newLabel)
if err != nil || len(allCerts) <= 0 {
return fmt.Errorf("Could not rename certificate %s to %s in PKCS#12 Truststore: %v", cert, newLabel, err)
}
}
} }
if len(cmsKeyDB.TrustedCerts) > 0 { if len(cmsKeyDB.TrustedCerts) > 0 {