Make it work from local dir and in packaged form
parent
450d514a0c
commit
119f5f0ab6
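--- a/path-not-shown-on-page-1
+++ /dev/null
@@ -1,97 +0,0 @@
-# prefix for testing
-DESTDIR="${DESTDIR:-}"
-PWQUALITY_CONF_FILE="${DESTDIR}/etc/security/pwquality.conf"
-VAR_DIR_ROOT="${DESTDIR}/var/lib/linux-infosec-setupper"
-VAR_DIR_PWQUALITY="${VAR_DIR_ROOT}/pwquality"
-VAR_DIR_AUDIT="${VAR_DIR_ROOT}/audit"
-SHARE_DIR_ROOT="${DESTDIR}/usr/share/linux-infosec-setupper"
-SHARE_DIR_PWQUALITY="${SHARE_DIR_ROOT}/pwquality"
-SHARE_DIR_AUDIT="${SHARE_DIR_ROOT}/audit"
-# /etc/audit/audit.rules is generated automatically from /etc/audit/rules.d/*,
-# do not edit it; also do not edit any other files, work only with ours,
-# assume that there are no other configs or they have lower priority
-AUDIT_RULES_FILE="${DESTDIR}/etc/audit/rules.d/90-linux-infosec-setupper.rules"
-AUDIT_DAEMON_CONFIG="${DESTDIR}/etc/audit/auditd.conf"
-AUDIT_DAEMON_SYSTEMD_OVERRIDE="${DESTDIR}/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf"
-# validate email, https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733
-REGEX_EMAIL="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
-
-error() {
-printf "$@" 1>&2
-echo '' 1>&2
-}
-
-# Translations
-TEXTDOMAIN=linux-infosec-setupper
-TEXTDOMAINDIR=/usr/share/locale
-
-# $1 - value
-# $2 - param name
-# (optional) $3 - anything, trigger check for non-negative
-_check_argument_is_number() {
-if [[ "$1" == [0-9]* ]]; then
-return 0
-else
-if [ -n "$3" ]; then
-grep -Exq -- "(\-|\+)[0-9]*" <<< "$1" && return 0
-fi
-error $"Argument to %s must be a number" "$2"
-return 1
-fi
-}
-
-# $1 - value
-# $2 - param name
-_check_argument_value() {
-if (( "$1" < "$2" )); then
-error $"Argument to %s must be greater than %s" "$2" "$3"
-return 1
-else
-return 0
-fi
-}
-
-# $1 - value
-# $2 - param name
-_check_argument_is_string() {
-if [[ "$1" == *[[:blank:]]* ]]; then
-error $"Argument to %s must be a string without spaces" "$2"
-return 1
-else
-return 0
-fi
-}
-
-# $1 - value
-# $2 - param name
-_check_argument_is_boolean(){
-case "$1" in
-"yes" ) return 0 ;;
-"no" ) return 0 ;;
-"" )
-error $"Value of %s is empty, set yes or no" "$2"
-return 1
-;;
-* )
-error $"String %s is not a boolean, set yes or no" "$1"
-return 1
-;;
-esac
-}
-
-# $1 - value
-# $2 - param name
-_check_argument_is_non_negative_number(){
-# 2>/dev/null to avoid odd output if $1 is not a number
-if ! test "$1" -lt 0 2>/dev/null; then
-error $"Value of %s must be a non-negative number" "$2"
-return 1
-fi
-}
-
-_validate_email(){
-if ! [[ "$1" =~ ${regex_email} ]] ; then
-error $"%s is not a correct email" "$1"
-return 1
-fi
-}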
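--- a/path-not-shown-on-page-2
+++ /dev/null
@@ -1,117 +0,0 @@
-#!/bin/bash
-set -e
-
-source "${DESTDIR}/usr/share/linux-infosec-setupper/common.sh"
-source "${SHARE_DIR_PWQUALITY}/parse_pwquality.sh"
-
-_mk_pwquality_conf() {
-local failed=0
-while read -r line; do local "$line" || { error $"Unable to parse /etc/security/pwquality.conf correctly; execute \n%s" "rm ${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }; done < <(_pw_parse_conf)
-while [ -n "$1" ]; do
-case "$1" in
---difok) shift;
-_check_argument_is_number "$1" "--difok" || failed=1
-difok="$1"
-;;
---minlen) shift;
-_check_argument_value "$1" "6" "--minlen" || failed=1
-minlen="$1"
-;;
---dcredit) shift;
-_check_argument_is_number "$1" "--dcredit" "-" || failed=1
-dcredit="$1"
-;;
---ucredit) shift;
-_check_argument_is_number "$1" "--ucredit" "-" || failed=1
-ucredit="$1"
-;;
---lcredit) shift;
-_check_argument_is_number "$1" "--lcredit" "-" || failed=1
-lcredit="$1"
-;;
---ocredit) shift;
-_check_argument_is_number "$1" "--ocredit" "-" || failed=1
-ocredit="$1"
-;;
---minclass) shift;
-_check_argument_is_number "$1" "--minclass" || failed=1
-minclass="$1"
-;;
---maxrepeat) shift;
-_check_argument_is_number "$1" "--maxrepeat" || failed=1
-maxrepeat="$1"
-;;
---maxsequence) shift;
-_check_argument_is_number "$1" "--maxsequence" || failed=1
-maxsequence="$1"
-;;
---maxclassrepeat) shift;
-_check_argument_is_number "$1" "--maxclassrepeat" || failed=1
-maxclassrepeat="$1"
-;;
---gecoscheck) shift;
-_check_argument_is_number "$1" "--gecoscheck" || failed=1
-[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
-geoscheck="$1"
-;;
---dictcheck) shift;
-_check_argument_is_number "$1" "--dictcheck" || failed=1
-[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
-dictcheck="$1"
-;;
---usercheck) shift;
-_check_argument_is_number "$1" "--usercheck" || failed=1
-[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
-usercheck="$1"
-;;
---usersubstr) shift;
-_check_argument_is_number "$1" "--usersubstr" || failed=1
-usersubstr="$1"
-;;
---enforcing) shift;
-_check_argument_is_number "$1" "--enforcing" || failed=1
-[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
-enforcing="$1"
-;;
---retry) shift;
-_check_argument_is_number "$1" "--retry" || failed=1
-retry="$1"
-;;
---enforce_for_root) shift;
-_check_argument_is_number "$1" "--enforce_for_root" || failed=1
-[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
-enforce_for_root="$1"
-;;
---local_users_only) shift;
-_check_argument_is_number "$1" "--local_users_only" || failed=1
-[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
-local_users_only="$1"
-;;
-esac
-shift
-done
-if [ "$failed" != 0 ]; then
-return 1
-fi
-cat <<EOF
-difok = $difok
-minlen = $minlen
-dcredit = $dcredit
-ucredit = $ucredit
-lcredit = $lcredit
-ocredit = $ocredit
-minclass = $minclass
-maxrepeat = $maxrepeat
-maxsequence = $maxsequence
-maxclassrepeat = $maxclassrepeat
-gecoscheck = $gecoscheck
-dictcheck = $dictcheck
-usercheck = $usercheck
-usersubstr = $usersubstr
-enforcing = $enforcing
-retry = $retry
-EOF
-# These parameters do not have keys (numbers after the = sign), so we work with them in a different way
-if [ "$enforce_for_root" == 1 ]; then echo "enforce_for_root"; fi
-if [ "$local_users_only" == 1 ]; then echo "local_users_only"; fi
-}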
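--- a/path-not-shown-on-page-3
+++ /dev/null
@@ -1,8 +0,0 @@
-_pw_parse_conf() {
-while read -r line; do
-case "$line" in
-*=*) echo "${line// /}" ;;
-*) echo "${line}=1" ;;
-esac
-done < "${DESTDIR}/etc/security/pwquality.conf"
-}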
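--- /dev/null
+++ b/path-not-shown-on-page-4
@@ -0,0 +1 @@
+*.mo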