From b7eec7f03c5f1b55842d4639b7900628cd184563 Mon Sep 17 00:00:00 2001
From: Malte Kiefer <malte@radermacher-consulting.de>
Date: Mon, 20 Dec 2021 06:04:20 +0100
Subject: [PATCH 1/2] increase the security of passwords at mesh

---
 .../containers/tactical-meshcentral/entrypoint.sh | 15 +++++++++++++++
 install.sh                                        | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/docker/containers/tactical-meshcentral/entrypoint.sh b/docker/containers/tactical-meshcentral/entrypoint.sh
index 3e612fc19c..a0a451a83e 100644
--- a/docker/containers/tactical-meshcentral/entrypoint.sh
+++ b/docker/containers/tactical-meshcentral/entrypoint.sh
@@ -43,6 +43,21 @@ mesh_config="$(cat << EOF
       "coolofftime": 30
     }
   },
+  "domaindefaults":{
+    "passwordRequirements": {
+      "min": 8,
+      "max": 128,
+      "upper": 1,
+      "lower": 1,
+      "numeric": 1,
+      "nonalpha": 1,
+      "reset": 90,
+      "force2factor": false,
+      "oldPasswordBan": 5,
+      "banCommonPasswords": false,
+      "twoFactorTimeout": 300
+    }
+  },
   "domains": {
     "": {
       "Title": "Tactical RMM",
diff --git a/install.sh b/install.sh
index 6acce06fe4..af3b8dc918 100644
--- a/install.sh
+++ b/install.sh
@@ -288,6 +288,21 @@ meshcfg="$(cat << EOF
     "MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
   },
   "domains": {
+    "domaindefaults":{
+      "passwordRequirements": {
+        "min": 8,
+        "max": 128,
+        "upper": 1,
+        "lower": 1,
+        "numeric": 1,
+        "nonalpha": 1,
+        "reset": 90,
+        "force2factor": false,
+        "oldPasswordBan": 5,
+        "banCommonPasswords": false,
+        "twoFactorTimeout": 300
+      }
+    },
     "": {
       "Title": "Tactical RMM",
       "Title2": "Tactical RMM",

From e44c49af7be4843ce6792da5115f3a78470e92a6 Mon Sep 17 00:00:00 2001
From: Malte Kiefer <malte@radermacher-consulting.de>
Date: Mon, 20 Dec 2021 06:48:26 +0100
Subject: [PATCH 2/2] ban common passwords

---
 docker/containers/tactical-meshcentral/entrypoint.sh | 2 +-
 install.sh                                           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/containers/tactical-meshcentral/entrypoint.sh b/docker/containers/tactical-meshcentral/entrypoint.sh
index a0a451a83e..d5e3f2fa1d 100644
--- a/docker/containers/tactical-meshcentral/entrypoint.sh
+++ b/docker/containers/tactical-meshcentral/entrypoint.sh
@@ -54,7 +54,7 @@ mesh_config="$(cat << EOF
       "reset": 90,
       "force2factor": false,
       "oldPasswordBan": 5,
-      "banCommonPasswords": false,
+      "banCommonPasswords": true,
       "twoFactorTimeout": 300
     }
   },
diff --git a/install.sh b/install.sh
index af3b8dc918..88b8facf3a 100644
--- a/install.sh
+++ b/install.sh
@@ -299,7 +299,7 @@ meshcfg="$(cat << EOF
         "reset": 90,
         "force2factor": false,
         "oldPasswordBan": 5,
-        "banCommonPasswords": false,
+        "banCommonPasswords": true,
         "twoFactorTimeout": 300
       }
     },