From 710362478e528bb8ca8d80326814b02e757841b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn?= Date: Fri, 7 Aug 2020 17:03:53 +0200 Subject: [PATCH] adding #18 --- app/Commands/MariadbInstallCommand.php | 56 ++++++++++++++++++++------ composer.json | 1 + composer.lock | 42 ++++++++++++++++++- install.sh | 2 +- 4 files changed, 87 insertions(+), 14 deletions(-) diff --git a/app/Commands/MariadbInstallCommand.php b/app/Commands/MariadbInstallCommand.php index 3e696d5..a94d556 100644 --- a/app/Commands/MariadbInstallCommand.php +++ b/app/Commands/MariadbInstallCommand.php @@ -8,10 +8,19 @@ use Illuminate\Support\Facades\File; use App\Facades\Install; -use Log; +use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator; +use Hackzilla\PasswordGenerator\RandomGenerator\Php7RandomGenerator; +/** + * + * + * + */ class MariadbInstallCommand extends Command { + const MCP_LOG_FILE = '/root/mcp.log'; + const PASSWORD_LENGTH = 40; + /** * The signature of the command. * @@ -38,22 +47,45 @@ class MariadbInstallCommand extends Command exec('apt update 2>&1'); exec('apt install -y mariadb-server mariadb-client 2>&1'); - $link = mysqli_connect('127.0.0.1', 'root', $password); + if (Install::isReady('mariadb-server mariadb-client')) { + + $this->info('Mariadb setup...'); - //exec('UPDATE mysql.user SET Password=PASSWORD('${install_mysql_password}') WHERE User='root';'); - //mysql_query("UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root';"); - // + // generate password + $generator = new ComputerPasswordGenerator(); + $generator->setRandomGenerator(new Php7RandomGenerator()) + ->setUppercase() + ->setLowercase() + ->setUppercase() + ->setNumbers() + ->setSymbols(false) + ->setLength(self::PASSWORD_LENGTH); - //mysqli_close($link); + // getting password for root + $password = $generator->generatePasswords()[0]; - if (Install::isReady('mariadb-server mariadb-client')) { + // remove plugin for root and set password + exec('sudo mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD(\''.$password.'\') WHERE User=\'root\';"'); + exec('sudo mysql -u root -e "UPDATE mysql.user SET plugin=\'\' where User=\'root\';"'); + + // delete anonymous user + exec('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'\';"'); + + // make sure root can only access from local + exec('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'root\' AND Host NOT IN (\'localhost\', \'127.0.0.1\', \'::1\');"'); + + // drop test database and anthing familiar + exec('sudo mysql -u root -e "DROP DATABASE IF EXISTS test;"'); + exec('sudo mysql -u root -e "DELETE FROM mysql.db WHERE Db=\'test\' OR Db=\'test_%\';"'); + + // update privileges + exec('sudo mysql -u root -e "FLUSH PRIVILEGES;"'); - // get status of nginx - exec('nginx -v 2>&1', $output); - $status = "$output[0] installed"; + $this->info('Success! \o/ Check /root/mcp.log'); + file_put_contents(self::MCP_LOG_FILE, "Mariadb installed\nuser:root\npassword:".$password."\n--\n", FILE_APPEND); - $this->info($status); - Log::info($status); + } else { + $this->error('Failed! /o\\'); } } } diff --git a/composer.json b/composer.json index 0a2525b..a2243a7 100644 --- a/composer.json +++ b/composer.json @@ -17,6 +17,7 @@ ], "require": { "php": "^7.2.5", + "hackzilla/password-generator": "^1.5", "illuminate/log": "^7.0", "jenssegers/blade": "^1.3", "laminas/laminas-text": "^2.7", diff --git a/composer.lock b/composer.lock index 7f4a52d..992c3e4 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "0e8b08aebfaf581a3ebfba5152ff8a4c", + "content-hash": "a22606a0d481725bb8b9a8595631a8b8", "packages": [ { "name": "beberlei/assert", @@ -336,6 +336,46 @@ ], "time": "2020-06-14T09:00:00+00:00" }, + { + "name": "hackzilla/password-generator", + "version": "1.5.0", + "source": { + "type": "git", + "url": "https://github.com/hackzilla/password-generator.git", + "reference": "22c7af49ef46d349d60af0fa30f61dd4dec53330" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/hackzilla/password-generator/zipball/22c7af49ef46d349d60af0fa30f61dd4dec53330", + "reference": "22c7af49ef46d349d60af0fa30f61dd4dec53330", + "shasum": "" + }, + "require": { + "php": ">=7.1.0" + }, + "require-dev": { + "phpunit/phpunit": "^7.0|^8.0|^9.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Hackzilla\\PasswordGenerator\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Daniel Platt", + "email": "github@ofdan.co.uk", + "homepage": "http://www.hackzilla.org" + } + ], + "description": "Password Generator Library", + "time": "2020-04-06T15:47:25+00:00" + }, { "name": "illuminate/cache", "version": "v7.18.0", diff --git a/install.sh b/install.sh index c67a19d..b3755b3 100755 --- a/install.sh +++ b/install.sh @@ -9,7 +9,7 @@ set -o pipefail set -o nounset # installing dependencies -apt install -y php-cli php-mbstring php-dom git unzip curl composer ufw fail2ban +apt install -y php-cli php-mbstring php-dom php-mysql git unzip curl composer ufw fail2ban # # configure ufw and start