randomize database password

Author: nachoparker

etc/nextcloudpi-config.d/nc-backup.sh

@@ -17,20 +17,21 @@
 
 DESTDIR_=/media/USBdrive
 BASEDIR_=/var/www
-DBPASSWD_=ownyourbits
 DESCRIPTION="Backup this NC instance to a file"
 
 DESTFILE=$DESTDIR_/nextcloud-bkp_`date +"%Y%m%d"`.tar 
 DBBACKUP=nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
 
 configure()
 {
+  local DBPASSWD=$( cat /root/.dbpass )
+
   cd $BASEDIR_/nextcloud
   sudo -u www-data php occ maintenance:mode --on
 
   cd $BASEDIR_
   echo -e "backup database..."
-  mysqldump -u root -p$DBPASSWD_ --single-transaction nextcloud > $DBBACKUP
+  mysqldump -u root -p$DBPASSWD --single-transaction nextcloud > $DBBACKUP
 
   echo -e "backup files..."
   mkdir -p $DESTDIR

etc/nextcloudpi-config.d/nc-init.sh

@@ -17,7 +17,6 @@
 
 ADMINUSER_=admin
 DBADMIN_=ncadmin
-DBPASSWD_=ownyourbits
 DESCRIPTION="(Re)initiate Nextcloud to a clean configuration"
 
 show_info()
@@ -35,6 +34,8 @@ show_info()
 
 configure()
 {
+  local DBPASSWD=$( cat /root/.dbpass )
+
   ## RE-CREATE DATABASE TABLE 
 
   echo "Setting up database..."
@@ -48,14 +49,14 @@ configure()
   done
 
   # workaround to emulate DROP USER IF EXISTS ..;)
-  mysql -u root -p$DBPASSWD_ <<EOF
+  mysql -u root -p$DBPASSWD <<EOF
 DROP DATABASE IF EXISTS nextcloud;
 CREATE DATABASE nextcloud
     CHARACTER SET utf8mb4
     COLLATE utf8mb4_unicode_ci;
-GRANT USAGE ON *.* TO '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD_';
+GRANT USAGE ON *.* TO '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD';
 DROP USER '$DBADMIN_'@'localhost';
-CREATE USER '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD_';
+CREATE USER '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD';
 GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN_@localhost;
 EXIT
 EOF
@@ -68,7 +69,7 @@ EOF
   rm -f config/config.php
   sudo -u www-data php occ maintenance:install --database \
     "mysql" --database-name "nextcloud"  --database-user "$DBADMIN_" --database-pass \
-    "$DBPASSWD_" --admin-user "$ADMINUSER_" --admin-pass "$DBPASSWD_"
+    "$DBPASSWD" --admin-user "$ADMINUSER_" --admin-pass "$DBPASSWD"
 
   # cron jobs
   sudo -u www-data php occ background:cron

etc/nextcloudpi-config.d/nc-nextcloud.sh

@@ -20,7 +20,6 @@ MAXFILESIZE_=2G
 MEMORYLIMIT_=768M
 MAXTRANSFERTIME_=3600
 DBADMIN_=ncadmin
-DBPASSWD_=ownyourbits
 DESCRIPTION="Install any NextCloud version"
 
 export DEBIAN_FRONTEND=noninteractive
@@ -46,6 +45,8 @@ install() { :; }
 
 configure()
 {
+  local DBPASSWD=$( cat /root/.dbpass )
+
   ## RE-CREATE DATABASE TABLE 
   echo "Starting mariaDB"
 
@@ -62,14 +63,14 @@ configure()
 
   echo "Setting up database..."
   # workaround to emulate DROP USER IF EXISTS ..;)
-  mysql -u root -p$DBPASSWD_ <<EOF
+  mysql -u root -p$DBPASSWD <<EOF
 DROP DATABASE IF EXISTS nextcloud;
 CREATE DATABASE nextcloud
     CHARACTER SET utf8mb4
     COLLATE utf8mb4_unicode_ci;
-GRANT USAGE ON *.* TO '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD_';
+GRANT USAGE ON *.* TO '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD';
 DROP USER '$DBADMIN_'@'localhost';
-CREATE USER '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD_';
+CREATE USER '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD';
 GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN_@localhost;
 EXIT
 EOF

etc/nextcloudpi-config.d/nc-restore.sh

@@ -19,7 +19,6 @@
 
 BACKUPFILE_=/media/USBdrive/nextcloud-bkp_xxxxxxxx.tar
 BASEDIR_=/var/www
-DBPASSWD_=ownyourbits
 DBADMIN_=ncadmin
 DESCRIPTION="Restore a previously backuped NC instance"
 
@@ -40,6 +39,8 @@ You can use nc-backup " \
 
 configure()
 { 
+  local DBPASSWD=$( cat /root/.dbpass )
+
   [ -f $BACKUPFILE_        ] || { echo -e "$BACKUPFILE_ not found"; return 1;  }
   [ -d $BASEDIR_           ] || { echo -e "$BASEDIR_    not found"; return 1;  }
   [ -d $BASEDIR_/nextcloud ] && { echo -e "WARNING: overwriting old instance"; }
@@ -55,18 +56,18 @@ configure()
 
   # RE-CREATE DATABASE TABLE
   echo -e "restore database..."
-  mysql -u root -p$DBPASSWD_ <<EOF
+  mysql -u root -p$DBPASSWD <<EOF
 DROP DATABASE IF EXISTS nextcloud;
 CREATE DATABASE nextcloud;
-GRANT USAGE ON *.* TO '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD_';
+GRANT USAGE ON *.* TO '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD';
 DROP USER '$DBADMIN_'@'localhost';
-CREATE USER '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD_';
+CREATE USER '$DBADMIN_'@'localhost' IDENTIFIED BY '$DBPASSWD';
 GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN_@localhost;
 EXIT
 EOF
   [ $? -ne 0 ] && { echo -e "error configuring nextcloud database"; return 1; }
 
-  mysql -u root -p$DBPASSWD_ nextcloud <  nextcloud-sqlbkp_*.bak || { echo -e "error restoring nextcloud database"; return 1; }
+  mysql -u root -p$DBPASSWD nextcloud <  nextcloud-sqlbkp_*.bak || { echo -e "error restoring nextcloud database"; return 1; }
 
   cd $BASEDIR_/nextcloud
   sudo -u www-data php occ maintenance:mode --off

lamp.sh

@@ -20,8 +20,6 @@
 # More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
 #
 
-DBPASSWD_=ownyourbits
-
 APTINSTALL="apt-get install -y --no-install-recommends"
 export DEBIAN_FRONTEND=noninteractive
 
@@ -47,8 +45,14 @@ EOF
     $APTINSTALL -t stretch php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-APC
     mkdir -p /run/php
 
-    debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password password $DBPASSWD_"
-    debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password_again password $DBPASSWD_"
+    # Randomize mariaDB password
+    # Suggested by @enoch85 and taken from the nextcloud vm ( https://github.com/nextcloud/vm/blob/master/lib.sh#L46 )
+    $DBPASSWD=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$(shuf -i 30-35 -n 1)" | head -n 1)
+    echo $DBPASSWD > /root/.dbpass
+    chmod 600 /root/.dbpass
+
+    debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password password $DBPASSWD"
+    debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password_again password $DBPASSWD"
     $APTINSTALL -t stretch mariadb-server php7.0-mysql 
     mkdir -p /run/mysqld
     chown mysql /run/mysqld
@@ -126,7 +130,7 @@ EOF
     sed -i '/\[mysqld\]/ainnodb_file_format=barracuda' /etc/mysql/mariadb.conf.d/50-server.cnf
 
     mysql_secure_installation <<EOF
-$DBPASSWD_
+$DBPASSWD
 n
 y
 y