forked from p15670423/monkey
island: Add `umask 377` to create_certificate.sh
By setting the umask to 377 in create_certificate.sh, we ensure that the TLS key file that is created is readable only by the user that created it, and not world readable (as is the default on some linux distros).
This commit is contained in:
parent
2af2fd4a55
commit
2d422f157e
|
@ -17,6 +17,8 @@ if [ ! -f /tmp/foo.txt ]; then # If the file already exists, assume that the co
|
||||||
CREATED_RND_FILE=true
|
CREATED_RND_FILE=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
umask 377
|
||||||
|
|
||||||
echo "Generating key in $server_root/server.key..."
|
echo "Generating key in $server_root/server.key..."
|
||||||
openssl genrsa -out "$server_root"/server.key 2048
|
openssl genrsa -out "$server_root"/server.key 2048
|
||||||
echo "Generating csr in $server_root/server.csr..."
|
echo "Generating csr in $server_root/server.csr..."
|
||||||
|
|
Loading…
Reference in New Issue