Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider setting 'mode 600' and 'sensitive true' on server.properties #118

Closed
hrak opened this issue Jan 24, 2017 · 3 comments
Closed

Consider setting 'mode 600' and 'sensitive true' on server.properties #118

hrak opened this issue Jan 24, 2017 · 3 comments

Comments

@hrak
Copy link

hrak commented Jan 24, 2017

Since Kafka 0.9+ supports SSL, the server.properties potentially contains passphrase info for the server keystore and truststore. This cookbook currently sets file mode 644 on server.properties making it world-readable, which is a security risk.

Setting 'mode 600' and 'sensitive true' solves this and makes sure that the chef-client doesn't output passphrase info to stdout or chef-client logfiles.
@mthssdrbrg mthssdrbrg mentioned this issue Jan 26, 2017
Merged
@mthssdrbrg
Copy link
Contributor

Seems reasonable, addressed in #119.

@mthssdrbrg
Copy link
Contributor

Closed by 8a2fe7c, hopefully should be a new release with this and runit support in next week (currently busy moving).

@lock
Copy link

lock bot commented Apr 25, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Apr 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mthssdrbrg @hrak