Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
resource-agents.20910
0001-increase-the-security-of-monitor-user-in-o...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-increase-the-security-of-monitor-user-in-oracle.patch of Package resource-agents.20910
From 61e8ad6577ad2a0e446ed4758cf150c0bf12b12b Mon Sep 17 00:00:00 2001 From: Nick Wang <nwang@suse.com> Date: Thu, 2 Apr 2020 13:17:41 +0800 Subject: [PATCH] Increase the security of monitor user in oracle With static default credentials for a user is not safe even for limited privilege. A local user may login to the DB to do some attack by bugs or leaks.(#1049) It is better to replace the automatic creation with new user and leave the default password for legacy update. Also an open issue (#1030) for this. --- heartbeat/oracle | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/heartbeat/oracle b/heartbeat/oracle index 0f464c173..124060834 100755 --- a/heartbeat/oracle +++ b/heartbeat/oracle @@ -132,6 +132,8 @@ that the password for this user does not expire. <longdesc lang="en"> Password for the monitoring user. Make sure that the password for this user does not expire. +Need to explicitly set a password to a new monitor +user for the security reason. </longdesc> <shortdesc lang="en">monpassword</shortdesc> <content type="string" default="$OCF_RESKEY_monpassword_default" /> @@ -440,6 +442,12 @@ check_mon_user() { return 1 fi fi + + if [ -z "$OCF_RESKEY_monpassword" ]; then + ocf_exit_reason "Please explicitly set a password for $MONUSR oracle user" + exit $OCF_ERR_CONFIGURED + fi + output=`dbasql mk_mon_user show_mon_user` if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then return 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor