From be199ce59542600816f5fe840cf587544bf37ae4 Mon Sep 17 00:00:00 2001
From: Zachary Huff
Date: Sun, 25 Mar 2018 02:06:42 -0400
Subject: [PATCH] Add chmod to write
---
 ssh_client.py | 10 ++++++++++
 ssh_host_client.py | 2 ++
 2 files changed, 12 insertions(+)
diff --git a/ssh_client.py b/ssh_client.py
index 8e10cbd..c9090cc 100755
--- a/ssh_client.py
+++ b/ssh_client.py
@@ -197,6 +197,7 @@
 if known_hosts_modified:
 print 'KNOWN_HOSTS: ' + known_hosts_path
 with open(known_hosts_path_full, 'w') as known_file:
+ os.chmod(known_hosts_path_full, 0600)
 known_file.write(known_hosts_data)
 ssh_config_modified = False
@@ -230,6 +231,7 @@
 if ssh_config_modified:
 print 'SSH_CONFIG: ' + ssh_config_path
 with open(ssh_config_path_full, 'w') as config_file:
+ os.chmod(ssh_config_path_full, 0600)
 config_file.write(ssh_config_data)
 print 'Successfully cleared strict host checking configuration'
@@ -254,6 +256,7 @@
 if known_hosts_modified:
 print 'KNOWN_HOSTS: ' + known_hosts_path
 with open(known_hosts_path_full, 'w') as known_file:
+ os.chmod(known_hosts_path_full, 0600)
 known_file.write(known_hosts_data)
 ssh_config_modified = False
@@ -287,6 +290,7 @@
 if ssh_config_modified:
 print 'SSH_CONFIG: ' + ssh_config_path
 with open(ssh_config_path_full, 'w') as config_file:
+ os.chmod(ssh_config_path_full, 0600)
 config_file.write(ssh_config_data)
 print 'Successfully cleared bastion host configuration'
@@ -310,6 +314,7 @@
 if known_hosts_modified:
 print 'KNOWN_HOSTS: ' + known_hosts_path
 with open(known_hosts_path_full, 'w') as known_file:
+ os.chmod(known_hosts_path_full, 0600)
 known_file.write(known_hosts_data)
 ssh_config_modified = False
@@ -336,6 +341,7 @@
 if ssh_config_modified:
 print 'SSH_CONFIG: ' + ssh_config_path
 with open(ssh_config_path_full, 'w') as config_file:
+ os.chmod(ssh_config_path_full, 0600)
 config_file.write(ssh_config_data)
 print 'Successfully cleared SSH configuration'
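Review bot: In the hunk at `@@ -197` the added `os.chmod(known_hosts_path_full, 0600)` runs only after `open(..., 'w')` has already created or truncated the file with umask-derived permissions, so the file briefly exists with a wider mode, and the chmod acts on the path rather than on the descriptor that was just opened. Creating the file with its final mode and tightening by descriptor closes that window for new files: `fd = os.open(known_hosts_path_full, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)`, then `with os.fdopen(fd, 'w') as known_file:` and `os.fchmod(fd, 0600)` as the first statement inside it. The same open-then-chmod pattern is repeated in every other hunk of this patch (the remaining known_hosts and ssh config writes, `conf_path` and `cert_path_full` in `ssh_client.py`, and both writes in `ssh_host_client.py`), so one small helper that takes path, data and mode would fix all twelve call sites at once. A file that already existed with a wider mode can still be read through a descriptor opened earlier; only writing a private temporary file and renaming it over the target covers that case. The enclosing blocks start and end outside the hunks, so whether the parent directory is already private cannot be seen from here.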
@@ -507,6 +513,7 @@
 conf_keybase_state = True
 with open(conf_path, 'w') as conf_file:
+ os.chmod(conf_path, 0600)
 conf_file.write(json.dumps({
 'server': conf_zero_server,
 'public_key_path': conf_pub_key_path,
@@ -830,6 +837,7 @@ def factor_challenge(factor, passcode):
 cert_hosts = cert_data.get('hosts')
 with open(cert_path_full, 'w') as cert_file:
+ os.chmod(cert_path_full, 0600)
 cert_file.write('\n'.join(certificates) + '\n')
 print 'CERTIFICATE: ' + cert_path
@@ -852,6 +860,7 @@ def factor_challenge(factor, passcode):
 if known_hosts_modified:
 print 'KNOWN_HOSTS: ' + known_hosts_path
 with open(known_hosts_path_full, 'w') as known_file:
+ os.chmod(known_hosts_path_full, 0600)
 known_file.write(known_hosts_data)
 ssh_config_modified = False
@@ -899,6 +908,7 @@ def factor_challenge(factor, passcode):
 if ssh_config_modified:
 print 'SSH_CONFIG: ' + ssh_config_path
 with open(ssh_config_path_full, 'w') as config_file:
+ os.chmod(ssh_config_path_full, 0600)
 config_file.write(ssh_config_data)
 print 'Successfully validated SSH key'
diff --git a/ssh_host_client.py b/ssh_host_client.py
index 7438458..d7f1d96 100755
--- a/ssh_host_client.py
+++ b/ssh_host_client.py
@@ -83,6 +83,7 @@ def write_conf():
 with open(CONF_PATH, 'w') as conf_file:
+ os.chmod(CONF_PATH, 0600)
 conf_file.write(json.dumps({
 'hostname': conf_hostname,
 'server': conf_server,
@@ -474,6 +475,7 @@ def do_GET(self):
 print('SSH_CERT: ' + cert_path)
 with open(cert_path, 'w') as ssh_file:
+ os.chmod(cert_path, 0644)
 ssh_file.write('\n'.join(certificates))
 sys.exit(0)
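Review bot: The mode in `os.chmod(CONF_PATH, 0600)` in the `write_conf` hunk is spelled as a Python 2 octal literal, which is a syntax error under Python 3. This file already uses the call form `print('SSH_CERT: ' + cert_path)`, so it may be intended to run on either interpreter. Writing `0o600` here and `0o644` in the `@@ -474` hunk is accepted by Python 2.6+ and Python 3 alike. `ssh_client.py` uses the `print` statement and is Python 2 only as written, so the literal is harmless there, but the same spelling would keep the two files uniform. The body of `write_conf` continues past the end of the hunk.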
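Review bot: `os.chmod(cert_path, 0644)` in the `do_GET` hunk is the only call in this patch that does not use `0600`, and nothing at the call site says why. If the wider mode is deliberate, presumably because a host certificate is public, a one-line comment such as `# host certificate is public; keep it world-readable` above the call would record that. Without it, a later cleanup could tighten this call by mistake or copy `0644` onto one of the private files. `do_GET` starts before this hunk, so the rest of the method is not visible here.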