diff --git a/package/extras/aca/tomcat-mysql-hirs.pp b/package/extras/aca/tomcat-mysql-hirs.pp deleted file mode 100755 index 601ca53e..00000000 Binary files a/package/extras/aca/tomcat-mysql-hirs.pp and /dev/null differ diff --git a/package/extras/aca/tomcat-mysql-hirs.te b/package/extras/aca/tomcat-mysql-hirs.te deleted file mode 100644 index 0b611f44..00000000 --- a/package/extras/aca/tomcat-mysql-hirs.te +++ /dev/null @@ -1,13 +0,0 @@ - -module tomcat-mysql-hirs 1.0; - -require { - type mysqld_port_t; - type tomcat_t; - class tcp_socket name_connect; -} - -#============= tomcat_t ============== - -#!!!! This avc is allowed in the current policy -allow tomcat_t mysqld_port_t:tcp_socket name_connect; diff --git a/package/scripts/aca/aca_bootRun.sh b/package/scripts/aca/aca_bootRun.sh index 4d54afda..f98b85aa 100755 --- a/package/scripts/aca/aca_bootRun.sh +++ b/package/scripts/aca/aca_bootRun.sh @@ -68,7 +68,8 @@ keyStore="$CLIENT_DB_P12" " WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \ --server.ssl.trust-store-password=$hirs_pki_password" -echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\"" +# uncomment to show spring boot and hibernate properties used as gradle argumanets +#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\"" if [ "$USE_WAR" == "war" ]; then echo "Booting the ACA from a $USE_WAR file..." diff --git a/package/scripts/aca/aca_setup.sh b/package/scripts/aca/aca_setup.sh index 5a32b53e..9cb7483b 100755 --- a/package/scripts/aca/aca_setup.sh +++ b/package/scripts/aca/aca_setup.sh 
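Review bot: The commented-out `echo` kept in the aca_bootRun.sh hunk still expands `$WEB_TLS_PARAMS`, which the lines just above build from `--server.ssl.key-store-password=$hirs_pki_password` and the matching trust-store password. Anyone who follows the new "uncomment to show" hint therefore prints both secrets to the console and to anything that captures the script's output. The comment should say so and fix the "argumanets" typo, for example `# Debug only (prints the key-store and trust-store passwords): uncomment to show the Spring Boot and Hibernate properties passed as Gradle arguments`. The launch command is outside this hunk; if these strings are passed on the command line, as the `--args=` text suggests, the passwords would also be readable from the process list. In that case, supplying them through the environment or a root-only properties file would be a worthwhile follow-up.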
@@ -1,14 +1,11 @@ #!/bin/bash # Capture location of the script to allow from invocation from any location SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; ) -#SPRING_PROP_FILE='../../../HIRS_AttestationCAPortal/src/main/resources/application.properties' HIRS_CONF_DIR=/etc/hirs/aca LOG_FILE_NAME="hirs_aca_install_"$(date +%Y-%m-%d).log LOG_DIR="/var/log/hirs/" LOG_FILE="$LOG_DIR$LOG_FILE_NAME" HIRS_PROP_DIR="/opt/hirs/default-properties" -#COMP_JSON='../../../HIRS_AttestationCA/src/main/resources/component-class.json' -#VENDOR_TABLE='../../../HIRS_AttestationCA/src/main/resources/vendor-table.json' help () { echo " Setup script for the HIRS ACA" @@ -62,12 +59,6 @@ mkdir -p $HIRS_CONF_DIR $LOG_DIR $HIRS_PROP_DIR echo "ACA setup log file is $LOG_FILE" -#if [ -z $HIRS_MYSQL_ROOT_PWD ]; then -# echo "HIRS_MYSQL_ROOT_PWD is not set, using locally generated mysql root password" -# else -# echo "HIRS_MYSQL_ROOT_PWD is set, using previously set mysql root password" -#fi - if [ "$EUID" -ne 0 ] then echo "This script requires root. Please run as root" exit 1 @@ -88,13 +79,6 @@ if [ -z $HIRS_PKI_PWD ]; then echo "Using system supplied password for the PKI key password" | tee -a "$LOG_FILE" fi -# Copy HIRS configuration and data files if not a package install -#if [ -f $SPRING_PROP_FILE ]; then -# cp -n $SPRING_PROP_FILE $HIRS_CONF_DIR/. -# cp -n $COMP_JSON $HIRS_PROP_DIR/. -# cp -n $VENDOR_TABLE $HIRS_PROP_DIR/. -#fi - if [ -z "${ARG_SKIP_PKI}" ]; then sh ../pki/pki_setup.sh $LOG_FILE $PKI_PASS $ARG_UNATTEND if [ $? -eq 0 ]; then diff --git a/package/scripts/db/db_create.sh b/package/scripts/db/db_create.sh index e9691b16..8cee8db8 100644 --- a/package/scripts/db/db_create.sh +++ b/package/scripts/db/db_create.sh 
@@ -9,7 +9,6 @@ LOG_FILE=$1 UNATTENDED=$2 -# LOG_FILE="/var/log/hirs/hirs_aca_install_$(date +%Y-%m-%d).log" # Capture location of the script to allow from invocation from any location SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; ) SPRING_PROP_FILE="/etc/hirs/aca/application.properties" @@ -46,7 +45,7 @@ check_mysql_root_pwd () { echo "Using randomly generated password for the DB admin" | tee -a "$LOG_FILE" DB_ADMIN_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9') echo "DB Admin will be set to $DB_ADMIN_PWD , please make note for next mysql use." - # Check i UNATTENDED flag set m if not then prompt user for permission ot store mysql root password + # Check UNATTENDED flag set m if not then prompt user for permission ot store mysql root password if [ -z $UNATTENDED ]; then read -p "Do you wish to save this password to the aca.properties file? " confirm if [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]]; then diff --git a/package/scripts/db/db_drop.sh b/package/scripts/db/db_drop.sh index b4537fea..a994d505 100644 --- a/package/scripts/db/db_drop.sh +++ b/package/scripts/db/db_drop.sh @@ -29,7 +29,6 @@ fi echo "dropping hirs_db database" if pgrep mysqld >/dev/null 2>&1; then - # mysql -u "root" --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_drop.sql mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES" mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';" mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
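Review bot: The reworded comment in the second db_create.sh hunk (inside check_mysql_root_pwd) is still garbled, because "set m" and "ot" survive the edit. Suggested wording: `# If UNATTENDED is not set, prompt the user for permission to store the mysql root password`. Since this prompt decides whether the generated DB admin password is written to a properties file, the comment could also say what an unattended run does with the password. That branch, like the start and end of check_mysql_root_pwd, lies outside the hunk, so it cannot be confirmed from here.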