From 3841dd7f7b47f55c83f4e13d8c17940db0fe28e0 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 8 Jun 2021 07:17:59 -0400
Subject: [PATCH] island: Set tighter permissions on certs in
 create_certificate.sh

---
 monkey/monkey_island/linux/create_certificate.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh
index ca7d397e0..cbbe5261b 100644
--- a/monkey/monkey_island/linux/create_certificate.sh
+++ b/monkey/monkey_island/linux/create_certificate.sh
@@ -21,10 +21,16 @@ umask 377
 
 echo "Generating key in $server_root/server.key..."
 openssl genrsa -out "$server_root"/server.key 2048
+chmod 400 "$server_root"/server.key
+
 echo "Generating csr in $server_root/server.csr..."
 openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
+chmod 400 "$server_root"/server.csr
+
 echo "Generating certificate in $server_root/server.crt..."
 openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt
+chmod 400 "$server_root"/server.crt
+
 
 # Shove some new random data into the file to override the original seed we put in.
 if [ "$CREATED_RND_FILE" = true ] ; then