Making “CMS Made Simple” GDPR Compliant

Please Note: This might not be all required steps. These are just the steps I have found to work for me.

 

In the database

Open the database for your “CMS Made Simple” instance and run

select * from cms_templates where template_content like '%fonts.googleapis.com%';

to check whether any template violates the GDPR.

 

Now all you have to do is to change the CSS. You could do that with an SQL Update or just the Database Administration Tool of your choice.

What I did was change the URL from fonts.googleapis.com to GDPRVIOLATION-GOOGLE-FONTSAPI. This way it will fail to load in the browser, thus it's GDPR compliant, and in the future, when there is a knock-off Google Fonts server available in Europe, we can just direct the URL to that one instead.

 

On the filesystem

Since “CMS Made Simple” caches the template CSS on disk, we need to remove it there as well so the CMS can refresh our modified CSS text.

Caching is done in the directory tmp.

Delete every file in tmp/templates_c and tmp/cache. DO NOT REMOVE THE DIRECTORIES.

Encrypting cron emails with S/MIME

Introduction

You might have your server set up in such a way that it runs a few tasks with cron so you don’t have to worry about them. Except... you should, if the scheduled tasks send mission-critical information over the internet. Now assume you have some kind of security audit software running, say lynis. You surely don’t want that report in the wrong hands, since an attacker could use that information to break into your server far more easily than otherwise.

Assumptions

  • You have an S/MIME certificate
  • You have root access to your Linux web server
  • Your server runs on a recent Ubuntu

Encrypting

There are basically two ways of encrypting emails: one is GPG and the other is S/MIME. Refer to Encrypting cron emails with GPG if you prefer GPG. If you don’t know GPG, I highly recommend checking that out as well, since I personally consider it way more secure.

  1. Upload your S/MIME certificate to /home/smime.pem
  2. Create a file /home/smimecron.sh with the following content:
    #!/bin/sh
    # Encrypt whatever cron pipes in and mail it; ifne skips empty input.
    emailTo=example@example.com
    emailFrom=example@example.com
    ifne /usr/bin/openssl smime -encrypt -text -from "$emailFrom" -to "$emailTo" -subject cronlog /home/smime.pem | sendmail "$emailTo"
  3. Make the script executable: chmod a+x /home/smimecron.sh
  4. For this script to work we need the program ifne installed. Usually, if a command has no output on /dev/stdout or /dev/stderr, openssl would encrypt an empty string and you would receive an encrypted email that has no content once decrypted. That would be annoying; ifne prevents this. To install it, run:
    apt-get install moreutils
  5. Add the line SMIME_CMD = /home/smimecron.sh somewhere at the top of your /etc/crontab
  6. Now you can use it by adding | $SMIME_CMD after a command, something like this:
    * * * * * root echo "test" | $SMIME_CMD

     

  7. WARNING: Everyone with write access to /home/smimecron.sh could GAIN ROOT ACCESS. So make sure only root can write to it.
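
The warning in step 7 can be checked mechanically. The following is an added example, not part of the original post: a POSIX sh function (check_root_only and check_one are hypothetical names) that verifies a script and the directory containing it are owned by root and not writable by group or others.

```shell
#!/bin/sh
# Added example (not from the original post): audit who can modify a script
# that cron runs as root. Function names are hypothetical.
# Usage on the server from the post: check_root_only /home/smimecron.sh

# check_one PATH OWNER_UID
# Prints a finding and returns 1 if PATH is missing, not owned by OWNER_UID,
# or writable by group or others.
check_one() {
    info=$(ls -ldn -- "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    mode=${info%% *}                                  # e.g. -rwxr-xr-x
    uid=$(printf '%s\n' "$info" | awk '{print $3}')   # numeric owner id
    rc=0
    [ "$uid" = "$2" ] || { echo "OWNER uid=$uid $1"; rc=1; }
    case $mode in ?????w*)    echo "GROUP-WRITABLE $1"; rc=1 ;; esac
    case $mode in ????????w*) echo "WORLD-WRITABLE $1"; rc=1 ;; esac
    return $rc
}

# check_root_only FILE [OWNER_UID]
# Checks FILE and the directory that contains it. Write access to the
# directory is enough to swap the file out by renaming, so both must pass.
# OWNER_UID defaults to 0 (root).
check_root_only() {
    owner=${2:-0}
    status=0
    check_one "$1" "$owner" || status=1
    check_one "$(dirname -- "$1")" "$owner" || status=1
    return $status
}
```

A non-zero exit status means at least one finding was printed; fix ownership or mode (for example chown root and chmod 755) and run it again.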