Consider setting 'mode 600' and 'sensitive true' on server.properties

sous-chefs / kafka

Development repository for the kafka cookbook

https://supermarket.chef.io/cookbooks/kafka

Apache License 2.0

91 stars 105 forks source link

Consider setting 'mode 600' and 'sensitive true' on server.properties #118

Closed hrak closed 7 years ago

hrak commented 7 years ago

Since Kafka 0.9+ supports SSL, the server.properties potentially contains passphrase info for the server keystore and truststore. This cookbook currently sets file mode 644 on server.properties making it world-readable, which is a security risk.

Setting 'mode 600' and 'sensitive true' solves this and makes sure that the chef-client doesn't output passphrase info to stdout or chef-client logfiles.

mthssdrbrg commented 7 years ago

Seems reasonable, addressed in #119.

mthssdrbrg commented 7 years ago

Closed by 8a2fe7cfb68a5d34b8d050a09fe667e4579e9f12, hopefully should be a new release with this and runit support in next week (currently busy moving).

lock[bot] commented 4 years ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.