Imagick Security Policy

SmartTouch

A while ago I built a PDF to ebook generator, I had to updated my imagemagick security policy at /etc/ImageMagick-6/policy.xml to allow PDF read/write so I could generate the images from the PDF pages:

At some point recently my ebook generator stopped working, I don't know how long it's been down. A client called me asking why their ebook isn't working.. I checked the error logs and saw the security policy error. When I checked the line in policy.xml and it reverted to:

I'm assuming it got overwritten by either an automatic update or a manual enhance update. What can I do to make sure this setting doesn't get reverted? Do I just have to check it and fix it every time I do a server update?

JohnB

SmartTouch Just FYI there are uptime monitors that can check for security policy / JS errors on a page and trigger a down alert. Uptime Kuma could do this as could any that spin up an actual chrome instance vs a curl request to check uptime.

ecknz

SmartTouch You could use a simple bash script to replace the values nightly or whatever you set a cron to.

xyzulu

@SmartTouch this script from @cPFence could be adapted to suit your needs: https://gist.github.com/cPFence/041ef1ba10a41d62bd2a4d6cee2dae41