[debian-edu-commits] debian-edu/ 02/03: Add scripts needed to fix exim4 security.

Wolfgang Schweer schweer-guest at moszumanska.debian.org
Thu May 18 16:08:00 UTC 2017


This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch jessie
in repository debian-edu-config.

commit 139bc4a0e8ed1364fb275ce8f06c86dc0b337a45
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Thu May 18 18:05:27 2017 +0200

    Add scripts needed to fix exim4 security.
---
 share/debian-edu-config/tools/exim4-create-cert    | 23 ++++++++++++++++++++++
 .../tools/exim4-create-environment                 | 18 +++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/share/debian-edu-config/tools/exim4-create-cert b/share/debian-edu-config/tools/exim4-create-cert
new file mode 100755
index 0000000..2fc1555
--- /dev/null
+++ b/share/debian-edu-config/tools/exim4-create-cert
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Create a self-signed certificate.
+# Taken in parts from a script by Andreas B. Mundt <andi at debian.org>.
+
+set -e
+
+TEMPLATE="/usr/share/ssl-cert/ssleay.cnf"
+CONF=$(mktemp)
+CERT="/etc/exim4/exim.crt"
+KEY="/etc/exim4/exim.key"
+
+if [ ! -f $CERT ] || [ ! -f $KEY ]; then
+    sed -e s#@HostName@#"postoffice.intern"# $TEMPLATE > $CONF
+    echo "subjectAltName=DNS:postoffice.intern,DNS:postoffice.intern" >> $CONF
+    openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
+    chmod 640 $KEY $CERT $CONF
+    chown root:Debian-exim $KEY $CERT
+else
+    echo "$CERT and $KEY already exist, skipping!"
+fi
+
+rm $CONF
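Review bot: The private key is written by the `openssl req` line before any permissions are applied, so until the `chmod 640` on the next line runs, the file at `$KEY` has whatever mode the calling umask allows, which on older OpenSSL builds can be world-readable; putting `umask 077` ahead of the `openssl req` call closes that window. Because of `set -e`, a failing `sed` or `openssl` exits before the final `rm $CONF` and leaves the temp file behind; `trap 'rm -f "$CONF"' EXIT` right after the `mktemp` line would cover every exit path. The `subjectAltName` line lists `DNS:postoffice.intern` twice and is appended to the end of the config, so it presumably only takes effect if the template's last section is the one used for the certificate extensions, which is worth confirming against `ssleay.cnf`. The expansions of `$CERT`, `$KEY`, `$CONF` and `$TEMPLATE` are unquoted throughout; that is harmless with these fixed paths, but quoting them is the safer habit.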
diff --git a/share/debian-edu-config/tools/exim4-create-environment b/share/debian-edu-config/tools/exim4-create-environment
new file mode 100755
index 0000000..1ee4a3c
--- /dev/null
+++ b/share/debian-edu-config/tools/exim4-create-environment
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Create Kerberos environment for exim4 chroot. This is needed
+# to cope with the exim4 security fix for CVE-2016-1531. 
+
+set -e
+
+DIR="/var/lib/exim4/etc"
+FILE="krb5.keytab.smtp"
+
+if [ ! -f $DIR/$FILE ]; then
+    if [ ! -d $DIR ] ; then
+	mkdir $DIR
+    fi
+fi
+cp /etc/$FILE $DIR
+chown Debian-exim:Debian-exim $DIR/$FILE
+echo "Successfully created the Exim4 environment."
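Review bot: The keytab copy near the end of the script never gets an explicit mode: `cp /etc/$FILE $DIR` takes its permissions from the source file and the umask (or keeps those of an already existing destination), and only the owner is changed afterwards. Since a keytab holds long-term Kerberos keys, I would replace the `cp`/`chown` pair with `install -o Debian-exim -g Debian-exim -m 600 "/etc/$FILE" "$DIR/$FILE"`, which sets owner and mode in one step. The nested `if` guards only the `mkdir`, while the copy runs unconditionally, so it can shrink to `mkdir -p "$DIR"`; a short comment stating that the keytab is deliberately refreshed on every run would make that intent clear. The directory is also created with the default umask, so if it should not be world-listable, an explicit mode on it would be worth adding.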

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git


