From ce61074bf14bc424a9fd5ce8d950bb91d5a7eca9 Mon Sep 17 00:00:00 2001
From: thomashaw
Date: Tue, 18 Apr 2017 16:22:52 +0100
Subject: [PATCH] vulnerabilities/unix/webapp/onlinestore - db_password is now dynamically generated
---
 .../unix/webapp/onlinestore/manifests/install.pp | 9 ++++++++-
 .../unix/webapp/onlinestore/secgen_metadata.xml | 5 +++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp b/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
index 462f3aa20..ccd34d5b8 100644
--- a/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
@@ -10,7 +10,7 @@ class onlinestore::install {
 $docroot = '/var/www'
 $db_username = 'csecvm'
- $db_password = 'H93AtG6akq'
+ $db_password = $secgen_parameters['db_password'][0]
 package { ['mysql-client','php5-mysql']:
 ensure => 'installed',
@@ -33,6 +33,13 @@ class onlinestore::install {
 cwd => "$docroot",
 command => "tar -xzf /tmp/www-data.tar.gz && chown -R www-data:www-data $docroot && chmod 0600 $docroot/mysql.php",
 path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ notify => Exec['add_generated_password_to_mysql_php'],
+ }
+
+ # Change the default database password to our randomly generated one
+ exec { 'add_generated_password_to_mysql_php':
+ cwd => $docroot,
+ command => "/bin/sed -ie 's/H93AtG6akq/$db_password/g' mysql.php",
 notify => Exec['setup_mysql'],
 }
diff --git a/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml b/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
index 4b4573cc0..075b25d76 100644
--- a/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
@@ -14,6 +14,7 @@ linux strings_to_leak
+ db_password
@@ -23,6 +24,10 @@
+
+
+
+
 webapp
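Review bot: `$secgen_parameters['db_password'][0]` is assigned without any check that the parameter was actually supplied, so a missing or empty value would flow straight into the later `sed` substitution and leave `mysql.php` with a blank database password. A guard directly after the assignment would make that fail loudly instead, for example `if empty($db_password) { fail('onlinestore: db_password parameter is missing') }` (`empty` is from puppetlabs-stdlib, so confirm it is available to this module). Where `$secgen_parameters` is populated is outside this hunk, so it may already guarantee a value; if it does, a one-line comment saying so next to the assignment would be enough.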
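Review bot: In the new `add_generated_password_to_mysql_php` exec, GNU sed reads `-ie` as `-i` with backup suffix `e`, so the original file (still holding the default password) is kept as `mysql.phpe` under the docroot, where it is likely to be served as plain text rather than executed; `-i -e` is presumably what was intended. `$db_password` is also interpolated unescaped into both the shell command and the sed replacement, so a generated value containing `/`, `&`, `\` or `'` would corrupt the substitution or the command line; either restrict the generator's alphabet or escape the value before use. The exec has no `refreshonly => true`, so it appears to run on every Puppet run and not only when the extract step notifies it. Suggested lines: `command => "/bin/sed -i -e 's/H93AtG6akq/${db_password}/g' mysql.php",` and `refreshonly => true,`.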