rtrouton · January 14, 2016 20:45 · rtrouton · Jul 30, 2015
diff --git a/cipher.sh b/cipher.sh
 #!/bin/bash

 # Add the user and group used by Tomcat on your Linux
 # server. For Casper 9.x running on Red Hat Enterprise 
 # Linux, the user and group are filled in below.

 linux_tomcat_user="tomcat7"
 linux_tomcat_group="tomcat7"

 # Add the user and group used by Tomcat on your Linux
 # server. For Red Hat Enterprise Linux and CentOS, in a
 # situation where JAMF's JSS Linux installer is used to
 # install Casper, the paths are as filled in below.

 linux_server_xml_path="/usr/local/jss/tomcat/conf/server.xml"
 linux_server_xml_backup_path="/usr/local/jss/tomcat/conf/server.xml.bak"

 if [ -f "$linux_server_xml_path" ]; then
  service jamf.tomcat7 stop
  cp "$linux_server_xml_path" "$linux_server_xml_backup_path"
  chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_backup_path"
  sed -i 's/ciphers=".[^"]*/ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA/' "$linux_server_xml_path"
  chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_path"
  service jamf.tomcat7 start
 fi
	#!/bin/bash

	# Add the user and group used by Tomcat on your Linux
	# server. For Casper 9.x running on Red Hat Enterprise
	# Linux, the user and group are filled in below.

	linux_tomcat_user="tomcat7"
	linux_tomcat_group="tomcat7"

	# Add the user and group used by Tomcat on your Linux
	# server. For Red Hat Enterprise Linux and CentOS, in a
	# situation where JAMF's JSS Linux installer is used to
	# install Casper, the paths are as filled in below.

	linux_server_xml_path="/usr/local/jss/tomcat/conf/server.xml"
	linux_server_xml_backup_path="/usr/local/jss/tomcat/conf/server.xml.bak"

	if [ -f "$linux_server_xml_path" ]; then
	service jamf.tomcat7 stop
	cp "$linux_server_xml_path" "$linux_server_xml_backup_path"
	chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_backup_path"
	sed -i 's/ciphers=".[^"]*/ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA/' "$linux_server_xml_path"
	chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_path"
	service jamf.tomcat7 start
	fi