Hardening MySQL configuration, prevent local infile.

Closes hestiacp#663

Author: ScIT-Raphael

CHANGELOG.md

@@ -60,6 +60,7 @@ All notable changes to this project will be documented in this file.
 - Added robots.txt for roundcube webmail to prevent search bot crawling.
 - Re-Enable force ssl function on let's encrypt certification renew.
 - Added official postgresql repository to be up to date.
+- Hardening MySQL configuration, prevent local infile.
 
 ## [1.0.6] - 2019-09-24 - Hotfix
 ### Bugfixes

install/deb/mysql/my-large.cnf

@@ -17,6 +17,7 @@ lc-messages-dir=/usr/share/mysql
 log_error=/var/log/mysql/error.log
 
 symbolic-links=0
+local-infile=0
 
 skip-external-locking
 key_buffer_size = 256M

install/deb/mysql/my-medium.cnf

@@ -17,6 +17,7 @@ lc-messages-dir=/usr/share/mysql
 log_error=/var/log/mysql/error.log
 
 symbolic-links=0
+local-infile=0
 
 skip-external-locking
 key_buffer_size = 16M

install/deb/mysql/my-small.cnf

@@ -17,6 +17,7 @@ lc-messages-dir=/usr/share/mysql
 log_error=/var/log/mysql/error.log
 
 symbolic-links=0
+local-infile=0
 
 skip-external-locking
 key_buffer_size = 16K

install/upgrade/versions/latest.sh

@@ -140,4 +140,13 @@ if [ -e "/etc/postgresql" ]; then
     wget --quiet https://www.postgresql.org/media/keys/ACCC4CF8.asc -O /tmp/psql_signing.key
     APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/psql_signing.key > /dev/null 2>&1
     rm /tmp/psql_signing.key
-fi
+fi
+
+# Hardening MySQL configuration, prevent local infile.
+if [ -e "/etc/mysql/my.cnf" ]; then
+    mysql_local_infile_check=$(grep local-infile /etc/mysql/my.cnf)
+    if [ -z "$mysql_local_infile_check" ]; then
+        echo "(*) Hardening MySQL configuration..."
+        sed -i '/symbolic-links\=0/a\local-infile=0' /etc/mysql/my.cnf
+    fi
+fi