mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-24 23:26:50 +00:00
65 lines
2.0 KiB
Bash
Executable File
65 lines
2.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
DB_SRV_CONF=/etc/my.cnf.d/mariadb-server.cnf
|
|
DB_CLIENT_CONF=/etc/my.cnf.d/client.cnf
|
|
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )";)
|
|
LOG_FILE=/dev/null
|
|
DB_ADMIN_PWD=$1
|
|
|
|
#source /etc/hirs/aca/aca.properties;
|
|
source $SCRIPT_DIR/mysql_util.sh
|
|
source /etc/os-release
|
|
|
|
check_systemd
|
|
|
|
# Check for sudo or root user, not actually needed but a good idea
|
|
if [ "$EUID" -ne 0 ]
|
|
then echo "This script requires root. Please run as root"
|
|
exit 1
|
|
fi
|
|
|
|
# Setup distro specifc paths and variables
|
|
if [ $ID = "ubuntu" ]; then
|
|
DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
|
|
DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
|
|
fi
|
|
|
|
if [ -d /opt/hirs/scripts/db ]; then
|
|
MYSQL_DIR="/opt/hirs/scripts/db"
|
|
else
|
|
MYSQL_DIR="$SCRIPT_DIR"
|
|
fi
|
|
|
|
echo "dropping hirs_db database"
|
|
|
|
mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
|
|
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
|
|
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
|
|
echo "hirs_db database and hirs_db user removed"
|
|
|
|
|
|
# reset the mysql root if the password was left in the properties fiel
|
|
if [ ! -z $DB_ADMIN_PWD ]; then
|
|
echo "Resetting mysql root password to empty"
|
|
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR "root@localhost" = PASSWORD('');"
|
|
mysql -u "root" -e "FLUSH LOGS;"
|
|
else
|
|
echo "Note root password was NOT reset"
|
|
fi
|
|
|
|
# Remove key , cert and truststore entries from client.cnf andf mariadb.cnf
|
|
|
|
echo "Removing hirs tls references from mariadb configuration files"
|
|
grep -v "hirs" $DB_SRV_CONF > tmpfile && mv tmpfile $DB_SRV_CONF
|
|
# The following arent avialble in Mariadb 10.3
|
|
#grep -v "tls_version" $DB_SRV_CONF > tmpfile && mv tmpfile $DB_SRV_CONF
|
|
#grep -v "require_secure_transport" $DB_SRV_CONF > tmpfile && mv tmpfile $DB_SRV_CONF
|
|
|
|
grep -v "hirs" $DB_CLIENT_CONF > tmpfile && mv tmpfile $DB_CLIENT_CONF
|
|
|
|
|
|
echo "restarting mariadb"
|
|
|
|
mysqld_reboot
|
|
|