From a4e25d5dc08a2ef9be92224a4fff79f6c87c1be1 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 20 Jan 2018 09:58:43 +0000
Subject: [PATCH] Avoid stig failures when installing xmpp

---
 src/freedombone-app-xmpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index b644af42..62223377 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -1051,6 +1051,17 @@ function install_xmpp {
     chmod -R 700 /etc/prosody/conf.d
     usermod -a -G www-data prosody
 
+    # Avoid STIG failures
+    if [ -f /usr/lib/ssl/private/xmpp.key ]; then
+        chown root:root /usr/lib/ssl/private/xmpp.key
+    fi
+    if [ -f /usr/lib/ssl/certs/xmpp.crt ]; then
+        chown root:root /usr/lib/ssl/certs/xmpp.crt
+    fi
+    if [ -f /usr/lib/ssl/certs/xmpp.dhparam ]; then
+        chown root:root /usr/lib/ssl/certs/xmpp.dhparam
+    fi
+
     if [ -d /etc/letsencrypt ]; then
         usermod -a -G ssl-cert prosody
     fi