# directors to verify the authenticity of this file daemon
TLS Certificate = "/etc/bacula/bacula-fd.pem"
TLS Key = "/etc/bacula/bacula-fd.pem"
- TLS DH File = "/etc/bacula/dh1024.pem"
+ TLS DH File = "/etc/bacula/dh2048.pem"
}
#
}
generate_dh() {
- DH_FILE=/etc/bacula/dh1024.pem
+ DH_FILE=/etc/bacula/dh2048.pem
if [ -s $DH_FILE ]; then
echo $DH_FILE already exists, skipping.
umask 077
echo Generating $DH_FILE
- openssl dhparam -out $DH_FILE -5 1024
+ ###openssl dhparam -out $DH_FILE -5 1024
+ openssl dhparam -out $DH_FILE -2 2048
+
fi
}
# cleanup
rm -f $DF_FILE $DB_FILE $FD_FILE $PEM_FILE
- # report problems
+ # report problems
if [ ! -e $REQUEST_FILE ]; then
db_input high bacula-cn/request-failed || true
db_go || true
fi
}
+
+fix_privileges() {
+ # fix privileges
+
+ chown root:bacula /etc/bacula/bacula-fd.pem /etc/bacula/bacula-fd.conf /etc/bacula/bconsole.conf
+ chmod 640 /etc/bacula/bacula-fd.pem /etc/bacula/bacula-fd.conf /etc/bacula/bconsole.conf
+}
+
+set_pinning() {
+ # set pin to version from stretch, because bacula 9.* isn't compatible
+
+ PINFILE=/etc/apt/preferences.d/99-carnet
+
+ test -f $PINFILE || touch $PINFILE
+
+ cp-update bacula-cn $PINFILE <<EOF
+
+Package: bacula-fd
+Pin: version 7.4.4*
+Pin-Priority: 1001
+
+Package: bacula-common
+Pin: version 7.4.4*
+Pin-Priority: 1001
+
+Package: bacula-console
+Pin: version 7.4.4*
+Pin-Priority: 1001
+
+EOF
+
+}
load_config() {
db_get bacula-cn/hostname
generate_fd_config
generate_bconsole_config
+ fix_privileges
+ set_pinning
+
restart_bacula
send_request