From 2d422f157ef12ec9f32b4fd640002b23390dfdb5 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 11 May 2021 19:22:43 -0400
Subject: [PATCH] island: Add `umask 377` to create_certificate.sh

By setting the umask to 377 in create_certificate.sh, we ensure that the TLS key file that is created is readable only by the user that created it, and not world readable (as is the default on some linux distros).
---
 monkey/monkey_island/linux/create_certificate.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh
index 985f607bc..ca7d397e0 100644
--- a/monkey/monkey_island/linux/create_certificate.sh
+++ b/monkey/monkey_island/linux/create_certificate.sh
@@ -17,6 +17,8 @@ if [ ! -f /tmp/foo.txt ]; then # If the file already exists, assume that the co
 CREATED_RND_FILE=true
 fi
+umask 377
+
 echo "Generating key in $server_root/server.key..."
 openssl genrsa -out "$server_root"/server.key 2048
 echo "Generating csr in $server_root/server.csr..."
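Review bot: The `umask 377` added before `openssl genrsa` applies only to files that are newly created, so a `server.key` left by an earlier run keeps its old mode: if that mode was world-readable the new key is written into a readable file, and if it is already 0400 a non-root rerun will presumably fail to open it for writing. Removing any stale file first, `rm -f "$server_root"/server.key` just before the `genrsa` line, lets the key always be created fresh under the mask. The mask also stays in effect for everything created later in the script (the CSR here, and whatever follows outside this hunk), so if only the key needs to be private, scope it with `(umask 377; openssl genrsa -out "$server_root"/server.key 2048)`. A short comment such as `# key must be created 0400: owner read-only` above the umask would record the intent.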