From 2b0dd2b3860a1211bfab16b4148ada176cc50971 Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Sun, 20 Jun 2021 12:40:14 +0300
Subject: [PATCH] add auditd config cli
---
 DESTDIR/.gitignore | 2 ++
 Makefile | 4 +++
 common.sh | 5 ++++
 front_auditd_cli.sh | 60 +++++++++++++++++++++++++++++++++++++
 linux-infosec-setupper.spec | 1 +
 5 files changed, 72 insertions(+)
 create mode 100644 DESTDIR/.gitignore
 create mode 100644 front_auditd_cli.sh
diff --git a/DESTDIR/.gitignore b/DESTDIR/.gitignore
new file mode 100644
index 0000000..5f74b40
--- /dev/null
+++ b/DESTDIR/.gitignore
@@ -0,0 +1,2 @@
+etc/audit/auditd.conf
+var/lib/linux-infosec-setupper/audit/auditd-conf.sh
diff --git a/Makefile b/Makefile
index fe31492..56e34ed 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,11 @@ all:
 cd po/back_auditd ; msgfmt -o linux-infosec-setupper-back_auditd.mo ru.po
 install:
+ # bin is for scripts which will run sbin/* via pkexec
 #mkdir -p $(DESTDIR)/usr/bin
+ # sbin is for executables
+ mkdir -p $(DESTDIR)/usr/sbin
+ install -m0755 front_auditd_cli.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-auditd-cli
 mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper
 mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/audit
 #mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality
diff --git a/common.sh b/common.sh
index 0eac07f..0d7fb22 100644
--- a/common.sh
+++ b/common.sh
@@ -16,6 +16,11 @@ AUDIT_DAEMON_SYSTEMD_OVERRIDE="${DESTDIR}/etc/systemd/system/auditd.service.d/90
 # validate email, https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733
 REGEX_EMAIL="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
+_echo() {
+ printf -- "$@"
+ echo ''
+}
+
 error() {
 printf -- "$@" 1>&2
 echo '' 1>&2
diff --git a/front_auditd_cli.sh b/front_auditd_cli.sh
new file mode 100644
index 0000000..18d8206
--- /dev/null
+++ b/front_auditd_cli.sh
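Review bot: In common.sh the new `_echo` hands its first argument to `printf` as the format string, so a caller that puts a variable or user-supplied value in that position gets `%` directives and backslash escapes interpreted. The callers added in front_auditd_cli.sh pass translated literals and keep `$0` as a later argument, so the helper is safe as used here. A header comment would keep it that way: `# $1 is a printf format string; pass variable data only as later arguments`. `error()` just below has the same shape and could carry the same comment; its body continues outside the hunk.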
@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+
+# detect running from git tree
+if [ -f ./common.sh ] && [ -f "$0" ]
+then
+ source common.sh
+ source back_auditd.sh
+else
+ source /usr/share/linux-infosec-setupper/common.sh
+ source "${SHARE_DIR_PWQUALITY}/back_auditd.sh"
+fi
+
+_audit_variables
+
+_echo_help(){
+ _echo $"This is generator of auditd config"
+ _echo $"Run as: %s [--parameter value] [--parameter value]" "$0"
+ _echo $"Supported parameters of auditd and their default values are:"
+ cat << EOF
+--local_events "$local_events"
+--log_file "$log_file"
+--write_logs "$write_logs"
+--log_format "$log_format"
+--log_group "$log_group"
+--priority_boost "$priority_boost"
+--flush "$flush"
+--freq "$freq"
+--max_log_fileaction "$max_log_fileaction"
+--num_logs "$num_logs"
+--disp_qos "$disp_qos"
+--dispatcher "$dispatcher"
+--distribute_network "$distribute_network"
+--name_format "$name_format"
+--name "$name"
+--max_log_file "$max_log_file"
+--action_mail_acct "$action_mail_acct"
+--space_left "$space_left"
+--space_left_action "$space_left_action"
+--disk_full_action "$disk_full_action"
+--disk_error_action "$disk_error_action"
+--tcp_listen_port "$tcp_listen_port"
+--tcp_max_per_addr "$tcp_max_per_addr"
+EOF
+}
+
+_main(){
+ if [[ "$@" =~ (\-\-help|\-h)($|[[:space:]]) ]]; then
+ _echo_help
+ exit 0
+ fi
+ if [ -z "$(echo "$@")" ]; then
+ _echo_help
+ exit 1
+ fi
+ _mk_auditd_config $@
+ _write_auditd_config
+}
+
+_main $@
diff --git a/linux-infosec-setupper.spec b/linux-infosec-setupper.spec
index 418ed8f..0ccdc9a 100644
--- a/linux-infosec-setupper.spec
+++ b/linux-infosec-setupper.spec
@@ -44,6 +44,7 @@ Requires: audit CLI and backend to setup auditd configs
 %files auditd-cli
+%{_sbindir}/linux-infosec-setupper-auditd-cli
 %dir %{_datadir}/linux-infosec-setupper/audit
 %{_datadir}/linux-infosec-setupper/audit/back_auditd.sh
 %dir %attr(0700,root,root) /var/lib/linux-infosec-setupper/audit
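Review bot: In front_auditd_cli.sh the git-tree check `[ -f ./common.sh ] && [ -f "$0" ]` tests the caller's working directory, and `[ -f "$0" ]` also holds for the installed /usr/sbin path, so a root-run invocation from any directory that contains a `common.sh` sources that file instead of the packaged one; the bare `source common.sh` also consults `PATH` before the current directory. Resolving the script's own directory and sourcing from there keeps the developer mode without trusting the working directory, as sketched below (assuming common.sh and back_auditd.sh do not themselves depend on the working directory). The `$@` in `_mk_auditd_config $@` and `_main $@` is unquoted, so values containing spaces or glob characters (a log path, for instance) are split or expanded before they reach the config generator; `"$@"` and an explicit `[ "$#" -eq 0 ]` emptiness test avoid that. The installed branch sources back_auditd.sh from `SHARE_DIR_PWQUALITY`, which looks like the wrong variable for a file the spec lists under the audit directory; its definition is outside this diff, so that needs confirming.

```shell
# detect running from git tree: look next to the script itself, not in the caller's cwd
script_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"
if [ -f "${script_dir}/common.sh" ] && [ -f "${script_dir}/back_auditd.sh" ]
then
	source "${script_dir}/common.sh"
	source "${script_dir}/back_auditd.sh"
else
	# … unchanged: sourcing the installed copies under /usr/share/linux-infosec-setupper …
fi

# … unchanged: _audit_variables, _echo_help …

_main(){
	# … unchanged: --help handling …
	if [ "$#" -eq 0 ]; then
		_echo_help
		exit 1
	fi
	_mk_auditd_config "$@"
	_write_auditd_config
}

_main "$@"
```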