mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-07 05:28:53 +00:00
Merge pull request #753 from nsacyber/v3_issue_749-setup_check
[#749] ACA setup check
commit
a903b0e448
@ -11,6 +11,7 @@ plugins {
|
|||||||
// Get version from main project gradle
|
// Get version from main project gradle
|
||||||
def packVersion = properties.get("packageVersion");
|
def packVersion = properties.get("packageVersion");
|
||||||
def jarVersion = properties.get("jarVersion");
|
def jarVersion = properties.get("jarVersion");
|
||||||
|
def projVersion = properties.get("projVersion");
|
||||||
//println "packageVersion is ${projVersion}"
|
//println "packageVersion is ${projVersion}"
|
||||||
|
|
||||||
java {
|
java {
|
||||||
@ -96,10 +97,12 @@ task buildVersion() {
|
|||||||
|
|
||||||
ospackage {
|
ospackage {
|
||||||
packageName = 'HIRS_AttestationCA'
|
packageName = 'HIRS_AttestationCA'
|
||||||
|
description = 'HIRS Attestation CA. Use systemctl status hirs-aca'
|
||||||
os = LINUX
|
os = LINUX
|
||||||
arch = NOARCH
|
arch = NOARCH
|
||||||
version = "$packVersion"
|
version = "$packVersion"
|
||||||
release = '1'
|
release = '2'
|
||||||
|
|
||||||
|
|
||||||
user 'root'
|
user 'root'
|
||||||
fileMode = 0755
|
fileMode = 0755
|
||||||
@ -107,6 +110,9 @@ ospackage {
|
|||||||
addParentDirs = true
|
addParentDirs = true
|
||||||
createDirectoryEntry true
|
createDirectoryEntry true
|
||||||
|
|
||||||
|
into ('/etc/hirs') {
|
||||||
|
from '../VERSION'
|
||||||
|
}
|
||||||
// copy json tables
|
// copy json tables
|
||||||
into ('/etc/hirs/aca/default-properties') {
|
into ('/etc/hirs/aca/default-properties') {
|
||||||
from '../HIRS_AttestationCA/src/main/resources/component-class.json'
|
from '../HIRS_AttestationCA/src/main/resources/component-class.json'
|
||||||
@ -128,10 +134,14 @@ ospackage {
|
|||||||
fileMode = 0755
|
fileMode = 0755
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Install - check for existing setup
|
||||||
|
preInstall 'if [ -d /etc/hirs ]; then echo "Error: /etc/hirs/ exists, aborting install"; exit 1; fi;'
|
||||||
|
preInstall 'if [ -d /opt/hirs ]; then echo "Error: /opt/hirs/ exists, aborting install"; exit 1; fi;'
|
||||||
// Uninstall
|
// Uninstall
|
||||||
preUninstall 'bash /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
|
preUninstall 'bash /opt/hirs/aca/scripts/aca/aca_remove_setup.sh $1'
|
||||||
preUninstall 'bash /opt/hirs/aca/scripts/systemd/aca_disable_service.sh'
|
preUninstall 'bash /opt/hirs/aca/scripts/systemd/aca_disable_service.sh'
|
||||||
postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;'
|
postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;'
|
||||||
|
postUninstall 'if [ -d /opt/hirs ]; then rm -rf /opt/hirs; fi;'
|
||||||
|
|
||||||
buildRpm {
|
buildRpm {
|
||||||
dependsOn ':HIRS_AttestationCAPortal:buildVersion'
|
dependsOn ':HIRS_AttestationCAPortal:buildVersion'
|
||||||
@ -149,9 +159,6 @@ ospackage {
|
|||||||
postTrans 'firewall-cmd --reload'
|
postTrans 'firewall-cmd --reload'
|
||||||
postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
||||||
postTrans 'bash /opt/hirs/aca/scripts/systemd/aca_enable_service.sh'
|
postTrans 'bash /opt/hirs/aca/scripts/systemd/aca_enable_service.sh'
|
||||||
// postTrans 'bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
|
|
||||||
// add chrontab to run ACA at boot
|
|
||||||
//postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
|
|
||||||
postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*'
|
postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*'
|
||||||
postTrans 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
|
postTrans 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
|
||||||
// Wait for ACA to start up before finishing the install
|
// Wait for ACA to start up before finishing the install
|
||||||
@ -168,9 +175,7 @@ ospackage {
|
|||||||
requires('curl')
|
requires('curl')
|
||||||
// Install after required packages
|
// Install after required packages
|
||||||
postInstall 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
postInstall 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
||||||
//postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
|
|
||||||
postInstall 'bash /opt/hirs/aca/scripts/systemd/aca_enable_service.sh'
|
postInstall 'bash /opt/hirs/aca/scripts/systemd/aca_enable_service.sh'
|
||||||
postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
|
|
||||||
postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'
|
postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'
|
||||||
postInstall 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
|
postInstall 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
|
||||||
// Wait for ACA to start up before finishing the install
|
// Wait for ACA to start up before finishing the install
|
||||||
|
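Review bot: The new `preInstall` checks and the added `postUninstall 'if [ -d /opt/hirs ]; then rm -rf /opt/hirs; fi;'` run without looking at `$1`, although this commit starts passing `$1` to aca_remove_setup.sh to tell an upgrade from a removal. If these map to the RPM `%pre` and `%postun` scriptlets, as the ospackage plugin normally does, an upgrade aborts because /etc/hirs and /opt/hirs already exist. The old package's `%postun` would also delete both directories after the new files are in place, and /etc/hirs appears to hold the ACA configuration and PKI files. For the RPM build, gate both on the scriptlet argument, e.g. `preInstall 'if [ "$1" -eq 1 ] && [ -d /etc/hirs ]; then echo "Error: /etc/hirs/ exists, aborting install"; exit 1; fi;'` and `postUninstall 'if [ "$1" -eq 0 ] && [ -d /opt/hirs ]; then rm -rf /opt/hirs; fi;'`. The `ospackage` block continues outside the hunks shown.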
@ -51,6 +51,7 @@ def gitHash = { ->
|
|||||||
return stdout.toString().trim()
|
return stdout.toString().trim()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
project.ext["projVersion"] = "${projectVersion}"
|
||||||
project.ext["jarVersion"] = "${projectVersion}.${buildTime}.${gitHash}"
|
project.ext["jarVersion"] = "${projectVersion}.${buildTime}.${gitHash}"
|
||||||
project.ext["packageVersion"] = "${projectVersion}.${buildTime}.${gitHash}.el8"
|
project.ext["packageVersion"] = "${projectVersion}.${buildTime}.${gitHash}.el8"
|
||||||
|
|
||||||
|
@ -75,6 +75,8 @@ while [[ $# -gt 0 ]]; do
|
|||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
|
check_systemd -p
|
||||||
|
|
||||||
echo "Checking HIRS ACA Setup on this device..."
|
echo "Checking HIRS ACA Setup on this device..."
|
||||||
# Check if aca setup was performed
|
# Check if aca setup was performed
|
||||||
# Check is RPM was installed via RPM package
|
# Check is RPM was installed via RPM package
|
||||||
@ -91,7 +93,8 @@ echo "Checking HIRS ACA Setup on this device..."
|
|||||||
echo "$ID OS distro encountered"
|
echo "$ID OS distro encountered"
|
||||||
fi
|
fi
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
echo "HIRS ACA was installed via an OS package on this device"
|
echo "HIRS ACA was installed via an OS package on this device."
|
||||||
|
if [ $SYSD_SERVICE = true ]; then
|
||||||
systemctl is-active --quiet hirs-aca
|
systemctl is-active --quiet hirs-aca
|
||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
echo " The hirs-aca service is active"
|
echo " The hirs-aca service is active"
|
||||||
@ -100,8 +103,11 @@ echo "Checking HIRS ACA Setup on this device..."
|
|||||||
ALL_CHECKS_PASSED=false
|
ALL_CHECKS_PASSED=false
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
echo "ACA not installed via a package."
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
check_systemd -p
|
|
||||||
|
|
||||||
# Check install setup pki files
|
# Check install setup pki files
|
||||||
if [ ! -d $CERT_PATH ]; then
|
if [ ! -d $CERT_PATH ]; then
|
||||||
@ -130,7 +136,7 @@ echo "Checking if ACA passwords are present..."
|
|||||||
echo "hirs db user password not set"
|
echo "hirs db user password not set"
|
||||||
PRESENT=false
|
PRESENT=false
|
||||||
fi
|
fi
|
||||||
if [ $PRESENT ]; then
|
if [ $PRESENT = true ]; then
|
||||||
echo " ACA passwords were found"
|
echo " ACA passwords were found"
|
||||||
else
|
else
|
||||||
echo " ERROR finding ACA passwords"
|
echo " ERROR finding ACA passwords"
|
||||||
@ -182,7 +188,7 @@ check_cert () {
|
|||||||
ALL_CERTS_PASSED=false
|
ALL_CERTS_PASSED=false
|
||||||
fi
|
fi
|
||||||
if [ ! -z "${ARG_VERBOSE}" ]; then
|
if [ ! -z "${ARG_VERBOSE}" ]; then
|
||||||
echo " "$RESULTACA_PROP_FILE
|
echo " "$RESULT
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
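Review bot: The added `if [ $SYSD_SERVICE = true ]; then` and the corrected `if [ $PRESENT = true ]; then` expand their variables unquoted, so an empty or unset value makes `[` fail with a syntax error. In the first case that silently skips the `systemctl is-active` check, leaving `ALL_CHECKS_PASSED` untouched, so the setup check can pass without the service ever being verified. Quote both, `if [ "$SYSD_SERVICE" = true ]; then` and `if [ "$PRESENT" = true ]; then`. Where `SYSD_SERVICE` and `PRESENT` are initialised is outside the hunks, so confirm each has a defined default.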
@ -7,8 +7,31 @@
|
|||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
|
||||||
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
|
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
|
||||||
|
OPTION_IN=$1; # per Fedora packing guidelines: $1 = 1 for an upgrade, 0 for a remove
|
||||||
|
if [ -z $1 ]; then OPTION_IN="2"; fi # Set if called by command line
|
||||||
|
case $OPTION_IN in
|
||||||
|
"0")
|
||||||
|
echo "Package removal requested"
|
||||||
|
OPTION="ACA_PKG_REMOVE"
|
||||||
|
;;
|
||||||
|
"1")
|
||||||
|
echo "Package upgrade requested"
|
||||||
|
OPTION="ACA_UPGRADE"
|
||||||
|
;;
|
||||||
|
"2")
|
||||||
|
echo "ACA Setup removal requested"
|
||||||
|
OPTION="ACA_SET_REMOVE"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "$1 is an unknown parameter for aca_remove_setup"
|
||||||
|
exit 1
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
LOG_FILE=/dev/null
|
LOG_FILE=/dev/null
|
||||||
LOG_DIR="/var/log/hirs/"
|
LOG_DIR="/var/log/hirs/"
|
||||||
|
|
||||||
# Check for Admin privileges
|
# Check for Admin privileges
|
||||||
if [ "$EUID" -ne 0 ]; then
|
if [ "$EUID" -ne 0 ]; then
|
||||||
echo "This script requires root. ACA setup not removed. Please run as root."
|
echo "This script requires root. ACA setup not removed. Please run as root."
|
||||||
@ -33,15 +56,17 @@ check_mariadb_install
|
|||||||
check_mysql_root
|
check_mysql_root
|
||||||
|
|
||||||
# remove the hrs-db and hirs_db user
|
# remove the hrs-db and hirs_db user
|
||||||
|
if [ $OPTION = "ACA_SET_REMOVE" ] || [ $OPTION = "ACA_PKG_REMOVE" ]; then
|
||||||
pushd $SCRIPT_DIR/../db/ &>/dev/null
|
pushd $SCRIPT_DIR/../db/ &>/dev/null
|
||||||
./db_drop.sh $DB_ADMIN_PWD
|
./db_drop.sh $DB_ADMIN_PWD
|
||||||
popd &>/dev/null
|
popd &>/dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
# remove pki files and config files if not installed by rpm
|
# remove pki files and config files if not installed by rpm
|
||||||
echo "Removing certificates and config files..."
|
echo "Removing certificates and config files..."
|
||||||
|
|
||||||
# Remove /opt/hirs only if not configured by a package based install:
|
# Remove /opt/hirs only if not configured by a package based install:
|
||||||
if [ -f /opt/hirs/aca/VERSION ]; then
|
if [ $OPTION = "ACA_SET_REMOVE" ]; then
|
||||||
if [ -d "/etc/hirs" ]; then
|
if [ -d "/etc/hirs" ]; then
|
||||||
rm -rf /etc/hirs >/dev/null 2>&1
|
rm -rf /etc/hirs >/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
@ -54,9 +79,7 @@ if [ -d $LOG_DIR ]; then
|
|||||||
rm -rf $LOG_DIR;
|
rm -rf $LOG_DIR;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Remove crontab and current ACA process
|
# Remove current ACA process
|
||||||
echo "Removing the ACA crontab"
|
|
||||||
sed -i '/aca_bootRun.sh/d' /etc/crontab
|
|
||||||
echo "Shutting down the aca..."
|
echo "Shutting down the aca..."
|
||||||
ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh >/dev/null 2>&1
|
ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh >/dev/null 2>&1
|
||||||
echo "ACA setup removal complete."
|
echo "ACA setup removal complete."
|
||||||
|
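Review bot: The `*)` arm of the new `case` has a `break` after `exit 1`; it is unreachable and is not valid outside a loop, so drop it. The tests `[ -z $1 ]` and `[ $OPTION = "ACA_SET_REMOVE" ]` expand unquoted, so an argument containing whitespace or glob characters is split before `[` sees it; `if [ -z "$1" ]` and `[ "$OPTION" = "ACA_SET_REMOVE" ]` avoid that. The visible tail of the script (`rm -rf $LOG_DIR` and the `kill` pipeline) does not appear to be gated on `OPTION`, so an `ACA_UPGRADE` run would presumably still delete /var/log/hirs and its history. That needs confirming against the lines outside these hunks.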
@ -63,6 +63,13 @@ while [[ $# -gt 0 ]]; do
|
|||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
|
echo "Input is $1"
|
||||||
|
if [[ $1 -eq 1 ]] ; then
|
||||||
|
echo "Install detected $1"
|
||||||
|
else
|
||||||
|
echo "Upgrade detected $1"
|
||||||
|
fi
|
||||||
|
|
||||||
# Check for existing installation folders and exist if found
|
# Check for existing installation folders and exist if found
|
||||||
if [ -z $ARG_UNATTEND ]; then
|
if [ -z $ARG_UNATTEND ]; then
|
||||||
if [ -d "/etc/hirs" ]; then
|
if [ -d "/etc/hirs" ]; then
|
||||||
|
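Review bot: The added `echo "Input is $1"` block sits after the `while [[ $# -gt 0 ]]` option loop, so if that loop shifts its arguments away, `$1` is empty here and `[[ $1 -eq 1 ]]` is always false, printing "Upgrade detected" on every run. The packaging scriptlets on this page also call the script as `aca_setup.sh -u` without forwarding the scriptlet argument, so the value is not available to the script in any case. This reads as leftover debugging output; remove it, or add an explicit option for the install/upgrade state and test that instead.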
@ -115,9 +115,9 @@ set_mysql_server_tls () {
|
|||||||
#echo "tls_version=TLSv1.2,TLSv1.3" >> "$DB_SRV_CONF"
|
#echo "tls_version=TLSv1.2,TLSv1.3" >> "$DB_SRV_CONF"
|
||||||
#echo "require_secure_transport=ON" >> "$DB_SRV_CONF"
|
#echo "require_secure_transport=ON" >> "$DB_SRV_CONF"
|
||||||
|
|
||||||
|
|
||||||
# Make sure mysql can access them
|
# Make sure mysql can access them
|
||||||
chown mysql:mysql $SSL_DB_SRV_CHAIN $SSL_DB_SRV_CERT $SSL_DB_SRV_KEY
|
chown mysql:mysql $SSL_DB_SRV_CHAIN $SSL_DB_SRV_CERT $SSL_DB_SRV_KEY
|
||||||
|
chmod 644 $DB_SRV_CONF $DB_CLIENT_CONF
|
||||||
# Make selinux contexts for config files, if selinux is enabled
|
# Make selinux contexts for config files, if selinux is enabled
|
||||||
if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
|
if [[ $ID = "rhel" ]] || [[ $ID = "rocky" ]] ||[[ $ID = "fedora" ]]; then
|
||||||
command -v selinuxenabled > /dev/null
|
command -v selinuxenabled > /dev/null
|
||||||
@ -158,13 +158,8 @@ fi
|
|||||||
|
|
||||||
# Process HIRS DB USER
|
# Process HIRS DB USER
|
||||||
set_hirs_db_pwd () {
|
set_hirs_db_pwd () {
|
||||||
|
check_hirs_db
|
||||||
RESULT="$(mysql -u root --password=$DB_ADMIN_PWD -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
if [[ $HIRS_DB_USER_EXISTS != "1" ]]; then
|
||||||
|
|
||||||
if [ "$RESULT" = 1 ]; then
|
|
||||||
echo "hirs-db user exists"
|
|
||||||
HIRS_DB_PWD=$hirs_db_password
|
|
||||||
else
|
|
||||||
# Check if Mysql HIRS DB password set by system variable or set to random number
|
# Check if Mysql HIRS DB password set by system variable or set to random number
|
||||||
if [ -z $HIRS_DB_PWD ]; then
|
if [ -z $HIRS_DB_PWD ]; then
|
||||||
HIRS_DB_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9')
|
HIRS_DB_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9')
|
||||||
@ -182,11 +177,18 @@ set_hirs_db_pwd () {
|
|||||||
if [[ $(grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then
|
if [[ $(grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||||
echo "hibernate.connection.password=$HIRS_DB_PWD" >> $SPRING_PROP_FILE
|
echo "hibernate.connection.password=$HIRS_DB_PWD" >> $SPRING_PROP_FILE
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
echo "hirs-db user already exists, skipping"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create a hirs_db with client side TLS enabled
|
# Create a hirs_db with client side TLS enabled
|
||||||
create_hirs_db_with_tls () {
|
create_hirs_db_with_tls () {
|
||||||
|
check_hirs_db_user
|
||||||
|
echo "Now HIRS_DB_USER_EXISTS is $HIRS_DB_USER_EXISTS"
|
||||||
|
if [[ $HIRS_DB_USER_EXISTS == "1" ]]; then
|
||||||
|
echo "hirs_db already exists, skipping"
|
||||||
|
else
|
||||||
# Check if hirs_db not created and create it if it wasn't
|
# Check if hirs_db not created and create it if it wasn't
|
||||||
mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" >> $LOG_FILE 2>&1
|
mysqlshow --user=root --password="$DB_ADMIN_PWD" | grep "hirs_db" >> $LOG_FILE 2>&1
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
@ -195,6 +197,8 @@ create_hirs_db_with_tls () {
|
|||||||
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql
|
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql
|
||||||
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql
|
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql
|
||||||
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;";
|
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;";
|
||||||
|
echo "**** Setting hirs_db pwd to $HIRS_DB_PWD ***"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -232,14 +236,12 @@ fi
|
|||||||
# HIRS ACA Mysqld processing ...
|
# HIRS ACA Mysqld processing ...
|
||||||
check_systemd -p
|
check_systemd -p
|
||||||
check_mariadb_install
|
check_mariadb_install
|
||||||
|
|
||||||
start_mysqlsd
|
start_mysqlsd
|
||||||
check_mysql
|
check_mysql
|
||||||
check_mysql_root_pwd
|
check_mysql_root_pwd
|
||||||
clear_hirs_user
|
|
||||||
set_hirs_db_pwd
|
set_hirs_db_pwd
|
||||||
|
create_hirs_db_with_tls
|
||||||
set_mysql_server_tls
|
set_mysql_server_tls
|
||||||
set_mysql_client_tls
|
set_mysql_client_tls
|
||||||
create_hirs_db_with_tls
|
|
||||||
create_hibernate_url "RSA" "hirs_db"
|
create_hibernate_url "RSA" "hirs_db"
|
||||||
mysqld_reboot
|
mysqld_reboot
|
||||||
|
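Review bot: The added `echo "**** Setting hirs_db pwd to $HIRS_DB_PWD ***"` in create_hirs_db_with_tls writes the database password in clear text to standard output, which for a package install ends up on the terminal and in any captured install log. Drop the line or print only a status message such as `echo "hirs_db password set"`. The `echo "Now HIRS_DB_USER_EXISTS is $HIRS_DB_USER_EXISTS"` line reads as debugging output too. Separately, set_hirs_db_pwd now calls `check_hirs_db` but tests `$HIRS_DB_USER_EXISTS`, which is set by the `check_hirs_db_user` helper added in this commit. Calling `check_hirs_db_user` there looks like what was intended and is worth confirming.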
@ -154,6 +154,26 @@ $(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_hirs_db_user () {
|
||||||
|
PRINT_STATUS=$1
|
||||||
|
HIRS_DB_USER_EXISTS="$(mysql -uroot --password=$DB_ADMIN_PWD -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
||||||
|
if [[ $HIRS_DB_USER_EXISTS == "1" ]]; then
|
||||||
|
if [[ $PRINT_STATUS == "-p" ]];then echo " hirs_db user exists" | tee -a "$LOG_FILE"; fi;
|
||||||
|
else
|
||||||
|
if [[ $PRINT_STATUS == "-p" ]]; then echo " hirs_db user does not exist" | tee -a "$LOG_FILE"; fi;
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_hirs_db () {
|
||||||
|
PRINT_STATUS=$1
|
||||||
|
HIRS_DB_EXISTS="$(mysql -uroot --password=$DB_ADMIN_PWD -e "SHOW DATABASES" | grep hirs_db)"
|
||||||
|
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
|
||||||
|
if [[ $PRINT_STATUS == "-p" ]];then echo " hirs_db database exists" | tee -a "$LOG_FILE"; fi;
|
||||||
|
else
|
||||||
|
if [[ $PRINT_STATUS == "-p" ]];then echo " hirs_db database does not exists" | tee -a "$LOG_FILE"; fi;
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
check_db_cleared () {
|
check_db_cleared () {
|
||||||
$(mysql -u root -e 'quit' &> /dev/null);
|
$(mysql -u root -e 'quit' &> /dev/null);
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
@ -162,13 +182,13 @@ check_db_cleared () {
|
|||||||
echo " Mysql Root password is not empty" | tee -a "$LOG_FILE";
|
echo " Mysql Root password is not empty" | tee -a "$LOG_FILE";
|
||||||
fi
|
fi
|
||||||
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
||||||
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
|
if [[ $HIRS_DB_USER_EXISTS == "1" ]]; then
|
||||||
echo " hirs_db user exists" | tee -a "$LOG_FILE";
|
echo " hirs_db user exists" | tee -a "$LOG_FILE";
|
||||||
else
|
else
|
||||||
echo " hirs_db user does not exist" | tee -a "$LOG_FILE";
|
echo " hirs_db user does not exist" | tee -a "$LOG_FILE";
|
||||||
fi
|
fi
|
||||||
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
|
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
|
||||||
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
|
if [[ $HIRS_DB_EXISTS == "1" ]]; then
|
||||||
echo " hirs_db databse exists" | tee -a "$LOG_FILE";
|
echo " hirs_db databse exists" | tee -a "$LOG_FILE";
|
||||||
else
|
else
|
||||||
echo " hirs_db database does not exists" | tee -a "$LOG_FILE";
|
echo " hirs_db database does not exists" | tee -a "$LOG_FILE";
|
||||||
@ -179,7 +199,7 @@ clear_hirs_user () {
|
|||||||
$(mysql -u root -e 'quit' &> /dev/null);
|
$(mysql -u root -e 'quit' &> /dev/null);
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
||||||
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
|
if [[ $HIRS_DB_USER_EXISTS == "1" ]]; then
|
||||||
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
|
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
|
||||||
echo "hirs_db user found and deleted"
|
echo "hirs_db user found and deleted"
|
||||||
fi
|
fi
|
||||||
|
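Review bot: In check_db_cleared the database test was changed to `[[ $HIRS_DB_EXISTS == "1" ]]`, but `HIRS_DB_EXISTS` is still filled from `mysql -uroot -e "SHOW DATABASES" | grep hirs_db`, whose output is the database name, so the branch reporting that the database exists can no longer be taken. Keep the comparison as `== "hirs_db"`, as the new check_hirs_db does, or test the exit status of `grep -qx hirs_db` instead. The new helpers also pass `--password=$DB_ADMIN_PWD` unquoted; `--password="$DB_ADMIN_PWD"` keeps a password containing spaces or glob characters intact. check_db_cleared and clear_hirs_user continue outside the hunks shown.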