File check-certs.sh of Package kolab-scripts

#!/bin/bash
# KPS_CHECK_ORDER: 30

# (c) 2013-2016 Aeneas Jaissle

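# Fixed search path: the helpers this script calls (kolab-cert, getfacl,
# setfacl, sed, ...) are resolved here and not through the caller's PATH.
PATH=/usr/bin:/bin:/usr/sbin

echo -n "Checking presence of server certificates... "

# Every certificate path below is relative to /etc/ssl. Stop if the directory
# cannot be entered: otherwise the presence checks and the ACL changes further
# down would be applied to same-named paths under the caller's working
# directory.
if ! cd /etc/ssl; then
  echo
  echo "  ERROR: Cannot change to /etc/ssl" >&2
  exit 1
fi
CERTDIR=servercerts
CERTFILE=$CERTDIR/servercert.pem
CERTKEY=$CERTDIR/serverkey.pem

# Start from a known state so that a CERT_PRESENCE inherited from the
# environment is not mistaken for a failed check.
CERT_PRESENCE=

# Key and certificate must both exist as regular files and be non-empty.
# Only the first problem found is reported.
if [[ ! -f "$CERTKEY" ]]; then
  echo
  echo "  ERROR: No certificate key found at $CERTKEY"
  CERT_PRESENCE=no
elif [[ ! -s "$CERTKEY" ]]; then
  echo
  echo "  ERROR: Certificate key has a size of zero!"
  CERT_PRESENCE=no
elif [[ ! -f "$CERTFILE" ]]; then
  echo
  echo "  ERROR: No server certificate found at $CERTFILE"
  CERT_PRESENCE=no
elif [[ ! -s "$CERTFILE" ]]; then
  echo
  echo "  ERROR: Server certificate has a size of zero."
  CERT_PRESENCE=no
fi

if [[ -z "$CERT_PRESENCE" ]]; then
  echo OK
else
  echo
  echo "  Run kolab-cert to create a server certificate and corresponding key"
  echo "  Without this, Kolab won't work!"
  echo
  # -r keeps backslashes literal. Anything other than n/N/no (including an
  # empty answer or end of input) counts as the default "yes".
  ANSWER=
  read -r -p "Do you want to run 'kolab-cert' now? [Y/n] " ANSWER
  case "$ANSWER" in
    [nN] | [nN][oO]) ;;
    *) kolab-cert ;;
  esac
fi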

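# set permissions on servercert, key and dir
#
# NOTE(security): each account listed in USERS is given read access to the
# private key ($CERTKEY) as well as to the certificate, so a compromise of any
# of these service accounts exposes the key. Keep the list as short as the
# deployment allows.
USERS=(cyrus postfix wwwrun)
DIRS=("$CERTDIR")
FILES=("$CERTFILE" "$CERTKEY")

# acl_entry_present ACCOUNT PERMS PATH
# Succeeds when getfacl lists exactly one "user:ACCOUNT:PERMS" entry for PATH.
# PERMS is the three-character form printed by getfacl, e.g. "r-x" or "r--".
acl_entry_present() {
  local account=$1 perms=$2 path=$3
  [[ $(getfacl -- "$path" | grep -c "^user:$account:$perms") == 1 ]]
}

# ensure_acl ACCOUNT PERMS GRANT PATH
# If the expected entry is missing, records that in ACL_OK, sets it with
# setfacl and reports the outcome of that call.
ensure_acl() {
  local account=$1 perms=$2 grant=$3 path=$4
  if acl_entry_present "$account" "$perms" "$path"; then
    return 0
  fi
  ACL_OK=no
  echo -n "  Setting ACL for $account on $path... "
  if setfacl -m "u:$account:$grant" -- "$path"; then
    echo OK
  else
    echo FAILED!
  fi
}

echo -n "Checking server certificate ACL... "

# Start from a known state instead of whatever the environment provides.
ACL_OK=

# First pass: read-only check of every expected entry. The loop variable is
# deliberately not called USER, so the login name exported in the environment
# is not overwritten for commands started later.
for ACCOUNT in "${USERS[@]}"; do
  for DIR in "${DIRS[@]}"; do
    acl_entry_present "$ACCOUNT" 'r-x' "$DIR" || ACL_OK=no
  done
  for FILE in "${FILES[@]}"; do
    acl_entry_present "$ACCOUNT" 'r--' "$FILE" || ACL_OK=no
  done
done

# Second pass, only when something was missing: add the missing entries.
# ACL_OK ends up as "no" whenever an entry had to be set, so the plain "OK"
# below is printed only when nothing needed changing.
if [[ "$ACL_OK" == "no" ]]; then
  echo
  ACL_OK=
  for ACCOUNT in "${USERS[@]}"; do
    for DIR in "${DIRS[@]}"; do
      ensure_acl "$ACCOUNT" 'r-x' rx "$DIR"
    done
    for FILE in "${FILES[@]}"; do
      ensure_acl "$ACCOUNT" 'r--' r "$FILE"
    done
  done
fi

if [[ -z "$ACL_OK" ]]; then
  echo OK
fi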

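echo "Setting cert paths in postfix main.cf..."
MAINCF=/etc/postfix/main.cf

# Ensures each TLS setting below is present in main.cf exactly as written.
# A setting that is not present as one exact line gets its existing
# definitions commented out and the wanted line appended at the end.
#
# NOTE(review): smtp_use_tls / smtpd_use_tls are the legacy switches; Postfix
# 2.3 and later document smtp_tls_security_level / smtpd_tls_security_level as
# their replacements. "smtp_use_tls = yes" is opportunistic: outgoing mail is
# still sent unencrypted to peers that do not offer STARTTLS.
# NOTE(review): main.cf is edited in place and no backup copy is made here.
if [[ ! -f "$MAINCF" ]]; then
    # Without this guard the append below would create a main.cf that holds
    # nothing but these TLS lines.
    echo "  ERROR: $MAINCF not found, not changing postfix TLS settings" >&2
else
    for SETTING in 'smtp_use_tls = yes' \
        'smtp_tls_CAfile = /etc/ssl/cacert.pem' \
        'smtp_tls_CApath = /etc/ssl/' \
        'smtp_tls_cert_file = /etc/ssl/servercerts/servercert.pem' \
        'smtp_tls_key_file = /etc/ssl/servercerts/serverkey.pem' \
        'smtpd_use_tls = yes' \
        'smtpd_tls_CAfile = /etc/ssl/cacert.pem' \
        'smtpd_tls_CApath = /etc/ssl/' \
        'smtpd_tls_cert_file = /etc/ssl/servercerts/servercert.pem' \
        'smtpd_tls_key_file = /etc/ssl/servercerts/serverkey.pem' \
        'smtpd_tls_auth_only = yes'; do
        # -x -F: compare whole lines literally, so "." and "/" in the value
        # are not interpreted as regular-expression syntax.
        if [[ $(grep -cxF -- "$SETTING" "$MAINCF") != 1 ]]; then
            # Match on the full parameter name followed by "=" rather than on
            # a fixed-length prefix: this also catches "name=value" written
            # without spaces and cannot hit a different parameter that merely
            # shares the first characters.
            PARAM=${SETTING%% =*}
            sed -i "s/^$PARAM[[:space:]]*=/#&/" "$MAINCF"
            echo "$SETTING" >> "$MAINCF"
            echo "  Set: $SETTING"
        fi
    done
fi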