diff --git a/app/Commands/MariadbClientInstallCommand.php b/app/Commands/MariadbClientInstallCommand.php index 1ade1e4..339e75a 100644 --- a/app/Commands/MariadbClientInstallCommand.php +++ b/app/Commands/MariadbClientInstallCommand.php @@ -91,8 +91,7 @@ class MariadbClientInstallCommand extends Command [client] ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-cert=/etc/mysql/ssl/client-cert.pem -ssl-key=/etc/mysql/ssl/client-key.pem - EOF'); +ssl-key=/etc/mysql/ssl/client-key.pem'); system('chown -R mysql:mysql /etc/mysql/ssl'); system('chmod 644 /etc/mysql/ssl/*cert*'); diff --git a/app/Commands/MariadbInstallCommand.php b/app/Commands/MariadbInstallCommand.php index f5fcd62..7a5475c 100644 --- a/app/Commands/MariadbInstallCommand.php +++ b/app/Commands/MariadbInstallCommand.php @@ -21,12 +21,6 @@ use Hackzilla\PasswordGenerator\RandomGenerator\Php7RandomGenerator; */ class MariadbInstallCommand extends Command { - // destination for username and password - const MCP_LOG_FILE = '/root/mcp.log'; - - // length for password - const PASSWORD_LENGTH = 40; - /** * The signature of the command. * @@ -124,7 +118,7 @@ class MariadbInstallCommand extends Command $this->info('Mariadb installing...Success! \o/'); if ($this->option('remote') === true) { - $this->removeAccess(); + $this->remoteAccess(); } } else { 
@@ -140,21 +134,27 @@ class MariadbInstallCommand extends Command { $this->info('Mariadb remote...'); system('mkdir -p /etc/mysql/ssl'); + system('hostname', $hostname); $this->info('Generating CA'); system('openssl genrsa 4096 > /etc/mysql/ssl/ca-key.pem'); - system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$name.'-mysql-ca"'); + system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$hostname.'-mysql-ca"'); $this->info('Generating Server Certificate'); - system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$name.'-mysql-server"'); + system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$hostname.'-mysql-server"'); system('openssl rsa -in /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-key.pem'); system('openssl x509 -req -in /etc/mysql/ssl/server-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/server-cert.pem'); $this->info('Generating Client Certificate'); - system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$name.'-mysql-server"'); + system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$hostname.'-mysql-server"'); system('openssl rsa -in /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-key.pem'); system('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/client-cert.pem'); + if (!file_exist('/etc/mysql/ssl/ca-cert.pem') || 
!file_exist('/etc/mysql/ssl/client-cert.pem') || file_exist('/etc/mysql/ssl/client-key.pem')) { + $this->error('Failed! Certificates not created!'); + exit(); + } + $this->info('Validate Certificates'); system('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem'); @@ -169,14 +169,13 @@ ssl-key=/etc/mysql/ssl/server-key.pem [client] ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-cert=/etc/mysql/ssl/client-cert.pem -ssl-key=/etc/mysql/ssl/client-key.pem - EOF'); +ssl-key=/etc/mysql/ssl/client-key.pem'); system('chown -R mysql:mysql /etc/mysql/ssl'); system('chmod 644 /etc/mysql/ssl/*cert*'); system('chmod 644 /etc/mysql/ssl/*key*'); - system('service restart mariadb'); + system('service restart mysql'); system('ufw allow mysql'); $this->info('Mariadb remote...Success! \o/');
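Review bot: `system('hostname', $hostname);` does not put the host name in `$hostname`: the second argument of system() receives the command's exit status, so on success the subjects become `/CN=0-mysql-ca` and `/CN=0-mysql-server`, and the name itself is only echoed to the terminal. `gethostname()` returns the name without spawning a shell. The added existence check calls `file_exist`, which is not a PHP built-in (the function is `file_exists`), and its third test has no `!`, so once the name is corrected it would report failure exactly when client-key.pem was created. `exit()` without an argument ends the command with status 0, so a caller or provisioning script cannot see the failure. The method body starts before this hunk and continues past it; the fence shows only the rewritten lines.

```php
        $hostname = gethostname();
        // … unchanged: CA, server and client certificate generation …
        if (!file_exists('/etc/mysql/ssl/ca-cert.pem') ||
            !file_exists('/etc/mysql/ssl/client-cert.pem') ||
            !file_exists('/etc/mysql/ssl/client-key.pem')) {
            $this->error('Failed! Certificates not created!');
            exit(1);
        }
```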
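Review bot: `system('service restart mysql');` has its arguments reversed: the `service` wrapper takes the service name first and the action second, so this line looks for a service called `restart` and the server keeps running without the new SSL settings; the intended form is `system('service mysql restart');`. The unchanged `chmod 644 /etc/mysql/ssl/*key*` two lines above leaves ca-key.pem, server-key.pem and client-key.pem readable by every local account, and since the directory is already chowned to mysql, `system('chmod 600 /etc/mysql/ssl/*key*');` would be the usual setting. `ufw allow mysql` opens the port to any source address, so a source-restricted rule is worth considering if the client hosts are known. None of the system() result codes in this block are checked, so the closing success message prints even when a step failed.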