From 9687b22b2bf02387ad1c3ee7795432b39090bbd3 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Sun, 12 Apr 2020 19:24:21 +0300
Subject: [PATCH] Add some safety check for the .rnd file nonsense I added more comments, so it must be fine :fire: :dog: :fire:
---
 .../monkey_island/linux/create_certificate.sh | 26 ++++++++++++-------
 1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh
index 8bb2a5571..985f607bc 100644
--- a/monkey/monkey_island/linux/create_certificate.sh
+++ b/monkey/monkey_island/linux/create_certificate.sh
@@ -3,20 +3,28 @@
 server_root=${1:-"./cc"}
 echo "Creating server cetificate. Server root: $server_root"
-# We override the RANDFILE determined by default openssl.cnf
+# We override the RANDFILE determined by default openssl.cnf, if it doesn't exist.
 # This is a known issue with the current version of openssl on Ubuntu 18.04 - once they release
 # a new version, we can delete this command. See
 # https://github.com/openssl/openssl/commit/0f58220973a02248ca5c69db59e615378467b9c8#diff-8ce6aaad88b10ed2b3b4592fd5c8e03a
 # for more details.
-dd bs=1024 count=2 ~/.rnd
-chmod 666 ~/.rnd
+DEFAULT_RND_FILE_PATH=~/.rnd
+CREATED_RND_FILE=false
+if [ ! -f /tmp/foo.txt ]; then # If the file already exists, assume that the contents are fine, and don't change them.
+ echo "Creating rand seed file in $DEFAULT_RND_FILE_PATH"
+ dd bs=1024 count=2 "$DEFAULT_RND_FILE_PATH"
+ chmod 666 "$DEFAULT_RND_FILE_PATH"
+ CREATED_RND_FILE=true
+fi
-echo "Generating key in $server_root/server.key"
+echo "Generating key in $server_root/server.key..."
 openssl genrsa -out "$server_root"/server.key 2048
-echo "Generating csr in $server_root/server.csr"
+echo "Generating csr in $server_root/server.csr..."
 openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
-echo "Generating certificate in $server_root/server.crt"
-openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt
+echo "Generating certificate in $server_root/server.crt..."
+openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt
-# Shove some new random data into the file to override the original seed.
-dd bs=1024 count=2 ~/.rnd
+# Shove some new random data into the file to override the original seed we put in.
+if [ "$CREATED_RND_FILE" = true ] ; then
+ dd bs=1024 count=2 "$DEFAULT_RND_FILE_PATH"
+fi
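Review bot: The new guard `if [ ! -f /tmp/foo.txt ]; then` tests what looks like a leftover placeholder path rather than the seed file, so an existing `~/.rnd` is still overwritten whenever `/tmp/foo.txt` is absent, and the outcome depends on a file in world-writable `/tmp` that any local account controls. It should read `if [ ! -f "$DEFAULT_RND_FILE_PATH" ]; then`. The closing refresh guarded by `CREATED_RND_FILE` depends on the same test, so correcting it fixes both places. Separately, `chmod 666 "$DEFAULT_RND_FILE_PATH"` leaves the seed file used during key generation readable and writable by every local account; `chmod 600 "$DEFAULT_RND_FILE_PATH"` is the safer mode unless another user genuinely has to share the file.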