From c2d0bb089f0f12425e270ab12f7663165dc3c17c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D0=B5=D0=BC=D0=B8=D0=B9?=
Date: Sat, 19 Jun 2021 17:26:05 +0300
Subject: [PATCH 1/2] Write frontend and backend for pwquality

---
 back_pwquality.sh | 3 ++-
 common.sh | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/back_pwquality.sh b/back_pwquality.sh
index eb70557..246a5f9 100644
--- a/back_pwquality.sh
+++ b/back_pwquality.sh
@@ -75,6 +75,7 @@ _mk_pwquality_conf() {
 --maxclassrepeat) shift;
 _check_argument_is_number "$1" "--maxclassrepeat" || failed=1
 maxclassrepeat="$1"
+ shift
 ;;
 --gecoscheck) shift;
 _check_argument_is_number "$1" "--gecoscheck" || failed=1
@@ -85,7 +86,7 @@ _mk_pwquality_conf() {
 --dictcheck) shift;
 _check_argument_is_number "$1" "--dictcheck" || failed=1
 [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
- dickcheck="$1"
+ dictcheck="$1"
 shift
 ;;
 --usercheck) shift;
diff --git a/common.sh b/common.sh
index efc6ab5..06ca357 100644
--- a/common.sh
+++ b/common.sh
@@ -32,7 +32,7 @@ _check_argument_is_number() {
 # $1 - value
 # $2 - param name
 _check_argument_value() {
- if [[ "$1" < "$2" ]]; then
+ if (( "$1" < "$2" )); then
 error $"Argument to %s must be greater than %s" "$2" "$3"
 return 1
 else
From 4f90e89480a78f69e4d11a844c925fe59b157f14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D0=B5=D0=BC=D0=B8=D0=B9?=
Date: Sat, 19 Jun 2021 17:26:47 +0300
Subject: [PATCH 2/2] add front_pwquality.sh

---
 front_pwquality.sh | 86 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 front_pwquality.sh

diff --git a/front_pwquality.sh b/front_pwquality.sh
new file mode 100644
index 0000000..4fb7163
--- /dev/null
+++ b/front_pwquality.sh
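Review bot: The value stored by the corrected `dictcheck="$1"` line is still only loosely validated, because the preceding `[[ "$1" =~ (0|1) ]]` test is unanchored and accepts any argument that merely contains a 0 or a 1 (for example `12` or `-1`), which then lands in the generated configuration. Anchoring the pattern, `[[ "$1" =~ ^[01]$ ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }`, makes the check enforce the "0 or 1" the error message already promises. The same unanchored shape may exist in the other boolean option arms, which are outside this hunk. `_mk_pwquality_conf` starts and ends outside the hunk.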
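Review bot: In the rewritten condition `if (( "$1" < "$2" )); then` the value is compared against `$2`, yet the header comment documents `$2` as the parameter name and the `error` call on the next line prints `$2` as the name and `$3` as the bound, so the comparison and the message disagree about which argument holds the threshold; unless callers pass the bound as `$2`, this presumably should read `if (( "$1" < "$3" )); then`. Switching from `[[ < ]]` to `(( ))` also changes the failure mode for non-numeric input: an arithmetic context evaluates its operands as expressions rather than rejecting them, so this function should either be reached only after `_check_argument_is_number` accepted `$1` or guard itself first with `[[ "$1" =~ ^-?[0-9]+$ ]] || return 1`. The function body continues outside the hunk.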
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+minlen=8
+dcredit=0
+ucredir=0
+lcredit=0
+ocredit=0
+minclass=0
+maxrepeat=0
+maxsequence=0
+maxclassrepeat=0
+gecoscheck=0
+dictcheck=1
+usercheck=1
+usersubstr=0
+enforcing=1
+retry=1
+enforce_for_root=0
+local_users_only=0
+
+for i in gecoscheck enforce_for_root local_users_only dictcheck usercheck enforcing; do
+ eval 'if [[ $'$i' == 0 ]]; then declare $i=FALSE; else declare $i=TRUE; fi'
+done
+var="$(yad --title="linux-infosec-setupper" --form --text="Настройки политики паролей" --image=/usr/share/icons/hicolor/48x48/apps/gcr-key.png --scroll --width=800 --height=800 \
+ --field=$"Number of characters in the new password that must not be present in the old password::LBL" "!" \
+ --field=$"Value (difok)::NUM" "1" \
+ --field=$"Minimum acceptable size for the new password:LBL" "!" \
+ --field=$"Value (minlen):NUM" "$minlen!6..9999!1" \
+ --field=$"The maximum credit for having digits in the new password::LBL" "!" \
+ --field=$"Value (dcredit):NUM" "$dcredit!-9999..+9999!1" \
+ --field=$"The maximum credit for having uppercase characters in the new password:LBL" "!" \
+ --field=$"Value (ucredit):NUM" "$ucredir!-9999..+9999!1" \
+ --field=$"The maximum credit for having lowercase characters in the new password:LBL" "!" \
+ --field=$"Value (lcredit):NUM" "$lcredir!-9999..+9999!1" \
+ --field=$"The maximum credit for having other characters in the new password:LBL" "!" \
+ --field=$"Value (ocredit):NUM" "$ocredir!-9999..+9999!1" \
+ --field=$"The minimum number of required classes of characters for the new password:LBL" "!" \
+ --field=$"Value (minclass):NUM" "$minclass!0..9999!1" \
+ --field=$"The maximum number of allowed same consecutive charatcers in the new password:LBL" "!" \
+ --field=$"Value (maxrepeat):NUM" "$maxrepeat!0..9999!1" \
+ --field=$"The maximum length of monotonic chatacter sequences in the new password:LBL" "!" \
+ --field=$"Value (maxsequence):NUM" "$maxsequence!0..9999!1" \
+ --field=$"The maximum number of allowed consecutive characters of the same class in the new password:LBL" "!" \
+ --field=$"Value (maxclassrepeat):NUM" "$maxclassrepeat!0..9999!1" \
+ --field=$"Check whether the password contains a substring of at least N length:LBL" "!" \
+ --field=$"Value (usersubstr):NUM" "$usersubstr:0..9999:1" \
+ --field=$"Prompt the user at most N times before returning error:LBL" "!" \
+ --field=$"Value (retry):NUM" "$retry:0..9999:1" \
+ --field=$"Check whether the words longer than 3 characters from the GECO field of passwd:LBL" "!" \
+ --field=$"Status (gecoscheck):CHK" "$gecoscheck" \
+ --field=$"Check whether the password macthices a word in a dictionary:LBL" "!" \
+ --field=$"Status (dictcheck):CHK" "$dictcheck" \
+ --field=$"Check whether the password contains the user name in some form:LBL" "!" \
+ --field=$"Status (usercheck):CHK" "$usercheck" \
+ --field=$"Reject the password if it fails the checks:LBL" "!" \
+ --field=$"Status (enforcing):CHK" "$enforcing" \
+ --field=$"Return error on failed check even if the user changing the password is root:LBL" "!" \
+ --field=$"Status (enforce_for_root):CHK" "$enforce_for_root" \
+ --field=$"Not test the password quality for users that are not present in /etc/passwd:LBL" "!" \
+ --field=$"Status (local_users_only):CHK" "$local_users_only")"
+
+var2="$(while read -rd '|' line; do
+ echo $line
+done <<<"$var" | sed '/^$/d' | \
+ sed 's/TRUE/1/
+ ;s/FALSE/0/
+ ;1s/^/--difok /
+ ;2s/^/--minlen /
+ ;3s/^/--dcredit /
+ ;4s/^/--ucredit /
+ ;5s/^/--lcredit /
+ ;6s/^/--ocredit /
+ ;7s/^/--minclass /
+ ;8s/^/--maxrepeat /
+ ;9s/^/--maxsequence /
+ ;10s/^/--maxclassrepeat /
+ ;11s/^/--usersubstr /
+ ;12s/^/--retry /
+ ;13s/^/--gecoscheck /
+ ;14s/^/--dictcheck /
+ ;15s/^/--usercheck /
+ ;16s/^/--enforcing /
+ ;17s/^/--enforce_for_root /
+ ;18s/^/--local_users_only /' | tr '\n' ' ')"
+source back_pwquality.sh
+_mk_pwquality_conf $var2
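Review bot: The yad form reads `$lcredir` and `$ocredir`, which are never assigned anywhere in the file (the defaults block spells them `lcredit` and `ocredit`), and the default for `--ucredit` is declared as `ucredir`, so the three credit fields either start from an empty value or from a name that does not match the option emitted later by the sed script. The `usersubstr` and `retry` NUM fields use `:` as the range separator (`"$usersubstr:0..9999:1"`, `"$retry:0..9999:1"`) while every other NUM field uses `!`, which looks like an inconsistency rather than a deliberate choice and probably prevents those ranges from being parsed. Nothing checks whether the dialog was cancelled: if yad exits non-zero with empty output, `var2` is empty and `_mk_pwquality_conf` is still invoked with no arguments, so the assignment should fail closed with `|| exit 1`. The `eval` in the TRUE/FALSE loop operates only on a fixed list of identifiers, but it is unnecessary; `if [[ ${!i} == 0 ]]; then declare "$i=FALSE"; else declare "$i=TRUE"; fi` does the same without evaluating constructed code.
```shell
ucredit=0   # default for --ucredit (was spelled ucredir)
# … unchanged: other defaults, TRUE/FALSE loop, yad options and fields up to dcredit …
 --field=$"Value (ucredit):NUM" "$ucredit!-9999..+9999!1" \
# … unchanged: lcredit label …
 --field=$"Value (lcredit):NUM" "$lcredit!-9999..+9999!1" \
# … unchanged: ocredit label …
 --field=$"Value (ocredit):NUM" "$ocredit!-9999..+9999!1" \
# … unchanged: minclass through maxclassrepeat fields, usersubstr label …
 --field=$"Value (usersubstr):NUM" "$usersubstr!0..9999!1" \
# … unchanged: retry label …
 --field=$"Value (retry):NUM" "$retry!0..9999!1" \
# … unchanged: remaining CHK fields …
 --field=$"Status (local_users_only):CHK" "$local_users_only")" || exit 1
```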