diff options
author | Petr Menšík <pemensik@redhat.com> | 2017-10-31 17:37:27 +0100 |
---|---|---|
committer | Petr Menšík <pemensik@redhat.com> | 2017-10-31 17:37:27 +0100 |
commit | f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10 (patch) | |
tree | 8944bdd46c8e8bf1c0feca030a5f21deacd99ee4 /generate-rndc-key.sh | |
parent | 4d8c7099754496dfb0ed8143d51cb819346a07b2 (diff) | |
download | bind-f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10.tar.gz bind-f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10.tar.xz bind-f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10.zip |
Use hmac-sha256 for new RNDC keys (#1508003)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Diffstat (limited to 'generate-rndc-key.sh')
-rwxr-xr-x | generate-rndc-key.sh | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/generate-rndc-key.sh b/generate-rndc-key.sh index 194e65b..dde7f70 100755 --- a/generate-rndc-key.sh +++ b/generate-rndc-key.sh @@ -6,9 +6,10 @@ if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then echo -n $"Generating /etc/rndc.key:" - if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then + if /usr/sbin/rndc-confgen -a -A hmac-sha256 -r /dev/urandom > /dev/null 2>&1 + then chmod 640 /etc/rndc.key - chown root.named /etc/rndc.key + chown root:named /etc/rndc.key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key success $"/etc/rndc.key generation" echo |