author | Tobias Brunner <tobias@strongswan.org> | 2014-02-12 15:16:57 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2014-02-12 15:16:57 +0100 |
commit | efce4559e86cc145500fbd6373e68e500d6d6b44 (patch) | |
tree | 14873410282a6bf80f2f6a4462f0df4bb1b87189 | |
parent | 5422bb907053e415a8507da42d8dc62109af5237 (diff) | |
conf: Install config files world-readable but warn about permissions for certain options
-rw-r--r-- | conf/Makefile.am | 6 | ||||
-rw-r--r-- | conf/options/attest.opt | 3 | ||||
-rw-r--r-- | conf/options/imcv.opt | 3 | ||||
-rw-r--r-- | conf/options/manager.opt | 3 | ||||
-rw-r--r-- | conf/options/medsrv.opt | 3 | ||||
-rw-r--r-- | conf/options/pacman.opt | 4 | ||||
-rw-r--r-- | conf/options/pool.opt | 3 | ||||
-rw-r--r-- | conf/plugins/attr-sql.opt | 3 | ||||
-rw-r--r-- | conf/plugins/eap-radius.opt | 6 | ||||
-rw-r--r-- | conf/plugins/sql.opt | 3 | ||||
-rw-r--r-- | conf/plugins/tnc-ifmap.opt | 3 | ||||
-rw-r--r-- | conf/plugins/tnc-pdp.opt | 3 |
12 files changed, 28 insertions, 15 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 80914418a..af604b594 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -151,13 +151,13 @@ install-data-local: $(plugins_install_src)
 test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)"
 test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)"
 test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)"
- test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
+ test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
 for f in $(options_install_src); do \
 name=`basename $$f`; \
- test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 640 -t "$(DESTDIR)$(strongswanddir)" $(srcdir)/$$f || true; \
+ test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 644 -t "$(DESTDIR)$(strongswanddir)" $(srcdir)/$$f || true; \
 done
 for f in $(plugins_install_src); do \
 name=`basename $$f`; \
 if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \
- test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 640 -t "$(DESTDIR)$(charonconfdir)" "$$dir$$f" || true; \
+ test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 644 -t "$(DESTDIR)$(charonconfdir)" "$$dir$$f" || true; \
 done
diff --git a/conf/options/attest.opt b/conf/options/attest.opt
index 736eb9d02..20b14f42d 100644
--- a/conf/options/attest.opt
+++ b/conf/options/attest.opt
@@ -1,5 +1,6 @@
 attest.database =
- Path to database with file measurement information.
+ File measurement information database URI. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
 attest.load =
 Plugins to load in ipsec attest tool.
diff --git a/conf/options/imcv.opt b/conf/options/imcv.opt
index aa512f4f0..a249a7b14 100644
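Review bot: The three `$(INSTALL) -m 644` lines in the install-data-local recipe of conf/Makefile.am apply the world-readable mode to every installed file, including the snippets for the options that this same commit documents as holding secrets (database URIs with passwords, the eap-radius and tnc-pdp RADIUS secrets, the tnc-ifmap `username_password`), so the confidentiality of a secret added later rests entirely on the admin tightening the mode by hand. The `test -e`/`test -f` guards skip files that already exist, so a later install neither loosens a restricted file nor repairs a loose one; that is worth stating next to the mode, e.g. `# 644 on first install only; restrict any file that gains a password or shared secret (chmod 640)`. If the snippets for those plugins can be told apart in `$(plugins_install_src)`, keeping `-m 640` for them would be the safer default. The trailing `|| true` on each of these lines also hides a failed install, and the rule itself starts before the hunk.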
--- a/conf/options/imcv.opt
+++ b/conf/options/imcv.opt
@@ -6,7 +6,8 @@ charon.imcv.assessment_result = yes
 Whether IMVs send a standard IETF Assessment Result attribute.
 charon.imcv.database =
- Global IMV policy database URI.
+ Global IMV policy database URI. If it contains a password, make sure to
+ adjust the permissions of the config file accordingly.
 charon.imcv.os_info.name =
 Manually set the name of the client OS (e.g. Ubuntu).
diff --git a/conf/options/manager.opt b/conf/options/manager.opt
index d84d6eb0a..dbac73110 100644
--- a/conf/options/manager.opt
+++ b/conf/options/manager.opt
@@ -1,5 +1,6 @@
 manager.database =
- Credential database URI for manager.
+ Credential database URI for manager. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
 manager.debug = no
 Enable debugging in manager.
diff --git a/conf/options/medsrv.opt b/conf/options/medsrv.opt
index 8b31c8831..f673b7e03 100644
--- a/conf/options/medsrv.opt
+++ b/conf/options/medsrv.opt
@@ -1,5 +1,6 @@
 medsrv.database =
- Mediation server database URI.
+ Mediation server database URI. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
 medsrv.debug = no
 Debugging in mediation server web application.
diff --git a/conf/options/pacman.opt b/conf/options/pacman.opt
index 76eddf91e..dfb4ba2b1 100644
--- a/conf/options/pacman.opt
+++ b/conf/options/pacman.opt
@@ -1,5 +1,7 @@
 pacman.database =
- Database URI for the database that stores the package information.
+ Database URI for the database that stores the package information. If it
+ contains a password, make sure to adjust the permissions of the config file
+ accordingly.
 pacman.load =
 Plugins to load in package manager.
diff --git a/conf/options/pool.opt b/conf/options/pool.opt
index b030b17be..79458c779 100644
--- a/conf/options/pool.opt
+++ b/conf/options/pool.opt
@@ -1,6 +1,7 @@
 pool.database
 Database URI for the database that stores IP pools and configuration
- attributes.
+ attributes. If it contains a password, make sure to adjust the permissions
+ of the config file accordingly.
 pool.load =
 Plugins to load in ipsec pool tool.
diff --git a/conf/plugins/attr-sql.opt b/conf/plugins/attr-sql.opt
index 6f02c1cfb..abd749e3e 100644
--- a/conf/plugins/attr-sql.opt
+++ b/conf/plugins/attr-sql.opt
@@ -1,5 +1,6 @@
 charon.plugins.attr-sql.database
- Database URI for attr-sql plugin used by charon.
+ Database URI for attr-sql plugin used by charon. If it contains a password,
+ make sure to adjust the permissions of the config file accordingly.
 charon.plugins.attr-sql.lease_history = yes
 Enable logging of SQL IP pool leases.
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index be1d99f9d..0edd3458c 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -27,7 +27,8 @@ charon.plugins.eap-radius.dae.port = 3799
 Port to listen for DAE requests.
 charon.plugins.eap-radius.dae.secret
- Shared secret used to verify/sign DAE messages.
+ Shared secret used to verify/sign DAE messages. If set, make sure to adjust
+ the permissions of the config file accordingly.
 charon.plugins.eap-radius.eap_start = no
 Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
@@ -65,7 +66,8 @@ charon.plugins.eap-radius.port = 1812
 Port of RADIUS server (authentication).
 charon.plugins.eap-radius.secret =
- Shared secret between RADIUS and NAS.
+ Shared secret between RADIUS and NAS. If set, make sure to adjust the
+ permissions of the config file accordingly.
 charon.plugins.eap-radius.server =
 IP/Hostname of RADIUS server.
diff --git a/conf/plugins/sql.opt b/conf/plugins/sql.opt
index 5f5f4136b..f573bba7e 100644
--- a/conf/plugins/sql.opt
+++ b/conf/plugins/sql.opt
@@ -1,5 +1,6 @@
 charon.plugins.sql.database =
- Database URI for charons SQL plugin.
+ Database URI for charon's SQL plugin. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
 charon.plugins.sql.loglevel = -1
 Loglevel for logging to SQL database.
diff --git a/conf/plugins/tnc-ifmap.opt b/conf/plugins/tnc-ifmap.opt
index 251c41d16..155c30697 100644
--- a/conf/plugins/tnc-ifmap.opt
+++ b/conf/plugins/tnc-ifmap.opt
@@ -17,4 +17,5 @@ charon.plugins.tnc-ifmap.server_cert =
 Path to X.509 certificate file of IF-MAP server.
 charon.plugins.tnc-ifmap.username_password =
- Credentials of IF-MAP client of the form username:password.
+ Credentials of IF-MAP client of the form username:password. If set, make
+ sure to adjust the permissions of the config file accordingly.
diff --git a/conf/plugins/tnc-pdp.opt b/conf/plugins/tnc-pdp.opt
index 10b9cff9d..22b00db5e 100644
--- a/conf/plugins/tnc-pdp.opt
+++ b/conf/plugins/tnc-pdp.opt
@@ -14,7 +14,8 @@ charon.plugins.tnc-pdp.radius.port = 1812
 RADIUS server port the strongSwan PDP is listening on.
 charon.plugins.tnc-pdp.radius.secret =
- Shared RADIUS secret between strongSwan PDP and NAS.
+ Shared RADIUS secret between strongSwan PDP and NAS. If set, make sure to
+ adjust the permissions of the config file accordingly.
 charon.plugins.tnc-pdp.server =
 Name of the strongSwan PDP as contained in the AAA certificate. |