@opragel
Last active August 29, 2015 14:25
Updates ciphers in Tomcat server.xml for JSS 9.73
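#!/bin/bash
# Replaces the ciphers="..." attribute in the JSS Tomcat server.xml with a
# fixed cipher-suite list, on either a Linux or a macOS JSS install.
#
# Flow: stop Tomcat, copy server.xml to server.xml.bak, rewrite server.xml
# from that backup, reset ownership, start Tomcat again. The service
# commands and chown normally require root.
#
# It's your funeral
#
# NOTE(review): this list was put together for JSS 9.73. It still offers
# static-ECDH (TLS_ECDH_*) and RSA key-exchange (TLS_RSA_*) suites, which
# give no forward secrecy, and CBC-mode suites alongside the GCM ones.
# Review it against current TLS guidance and your client fleet before
# reusing it. The script edits the ciphers attribute only; the connector's
# enabled protocol versions are left as they are.
#
# NOTE(review): every run overwrites server.xml.bak, so a second run replaces
# the pristine backup with the already-edited file. Keep a separate copy of
# the original if you need to roll back.

# Only [A-Z0-9_,] appears here, so the value is safe to interpolate into the
# sed replacement below (no '/', '&' or backslash).
CIPHER_SUITES="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"

LINUX_TOMCAT_USER="tomcat7"
LINUX_TOMCAT_GROUP="tomcat7"
LINUX_SERVER_XML_PATH="/usr/local/jss/tomcat/conf/server.xml"
LINUX_SERVER_XML_BACKUP_PATH="/usr/local/jss/tomcat/conf/server.xml.bak"
MAC_TOMCAT_USER="_appserver"
MAC_TOMCAT_GROUP="_appserveradmin"
MAC_SERVER_XML_PATH="/Library/JSS/Tomcat/conf/server.xml"
MAC_SERVER_XML_BACKUP_PATH="/Library/JSS/Tomcat/conf/server.xml.bak"

#######################################
# Back up a server.xml and rewrite its ciphers attribute.
# Globals:   CIPHER_SUITES (read)
# Arguments: $1 - path to server.xml
#            $2 - path for the backup copy
#            $3 - owner as user:group for both files
# Outputs:   diagnostics on stderr
# Returns:   0 if the attribute was rewritten, non-zero otherwise
#######################################
update_ciphers() {
  local xml_path=$1
  local backup_path=$2
  local owner=$3

  # Without a good backup there is nothing to fall back on, so do not edit.
  if ! cp "$xml_path" "$backup_path"; then
    printf 'Unable to back up %s; leaving it unchanged\n' "$xml_path" >&2
    return 1
  fi

  # Stream from the backup instead of using 'sed -i': BSD sed on macOS needs
  # an argument after -i, so the GNU spelling breaks there. Redirecting into
  # the existing file also keeps its mode.
  # The pattern is ciphers="[^"]* (not ciphers=".[^"]*) so that an empty
  # ciphers="" cannot swallow the closing quote and the next attribute.
  if ! sed "s/ciphers=\"[^\"]*/ciphers=\"${CIPHER_SUITES}/" \
      "$backup_path" > "$xml_path"; then
    printf 'Unable to rewrite %s; restoring the backup\n' "$xml_path" >&2
    cp "$backup_path" "$xml_path"
    return 1
  fi

  chown "$owner" "$backup_path" "$xml_path" || return 1

  # sed exits 0 even when nothing matched; make a silent no-op visible so the
  # old cipher configuration is not mistaken for the new one.
  if ! grep -qF -- "ciphers=\"${CIPHER_SUITES}\"" "$xml_path"; then
    printf 'No ciphers attribute was updated in %s\n' "$xml_path" >&2
    return 1
  fi
}

status=0
if [ -f "$LINUX_SERVER_XML_PATH" ]; then
  service jamf.tomcat7 stop
  update_ciphers "$LINUX_SERVER_XML_PATH" "$LINUX_SERVER_XML_BACKUP_PATH" \
    "$LINUX_TOMCAT_USER:$LINUX_TOMCAT_GROUP" || status=1
  # Start Tomcat again even if the edit failed; the file is then unchanged
  # or restored from the backup.
  service jamf.tomcat7 start
elif [ -f "$MAC_SERVER_XML_PATH" ]; then
  launchctl unload /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
  update_ciphers "$MAC_SERVER_XML_PATH" "$MAC_SERVER_XML_BACKUP_PATH" \
    "$MAC_TOMCAT_USER:$MAC_TOMCAT_GROUP" || status=1
  launchctl load /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
else
  # Report on stderr with a trailing newline and a failing status.
  printf '%s\n' "Unable to find server.xml" >&2
  status=1
fi
exit "$status"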

jhbush commented Jul 21, 2015

Typo here /System/Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
