apache: Ensure that not everyone can read the keys

This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2017-11-07 20:30:52 +00:00
parent b5aca95b94
commit d409286074
3 changed files with 8 additions and 0 deletions


@@ -11,6 +11,7 @@ generate_certificates() {
if [ ! -f "/etc/httpd/server.key" ]; then
boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
chmod 600 /etc/httpd/server.key
evaluate_retval
fi
@@ -18,6 +19,7 @@ generate_certificates() {
boot_mesg "Generating HTTPS ECDSA server key..."
openssl ecparam -genkey -name secp384r1 -noout \
-out /etc/httpd/server-ecdsa.key &>/dev/null
chmod 600 /etc/httpd/server-ecdsa.key
evaluate_retval
fi
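Review bot: In both hunks the new `chmod 600` sits between the `openssl` call and `evaluate_retval`, so the status reported at boot is presumably chmod's rather than openssl's (evaluate_retval appears to read the previous command's exit status), and until chmod runs the key file may exist with whatever mode the process umask allows. Creating the file restrictively would avoid both: `( umask 077; openssl genrsa -out /etc/httpd/server.key 4096 ) &>/dev/null` followed directly by `evaluate_retval`, with the same wrapper around the `openssl ecparam` call. The chmod also runs only inside the branch that generates a key, so keys that already exist on installed systems keep their old mode unless one of the other changed files (not visible here) corrects them. generate_certificates() begins and ends outside the hunks.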