reupload tmp trash

3 years ago · 3834526d85
parent 6ebb6b0a2c
commit 3834526d85
4 changed files with 184 additions and 0 deletions
--- a/DESTDIR/etc/audit/auditd.conf
+++ b/DESTDIR/etc/audit/auditd.conf
@ -0,0 +1,21 @@
+# Generated by linux-infosec-setupper
+local_events = yes
+log_file = .
+write_logs = yes
+log_format = RAW
+log_group = root
+priority_boost = 6
+flush = incremental_async
+freq = 0
+max_log_fileaction = rotate
+num_logs = 3
+disp_qos = lossless
+distribute_network = no
+name_format = hostname
+max_log_file = 8
+space_left = 10
+space_left_action = syslog
+disk_full_action = halt
+disk_error_action = halt
+tcp_listen_port = 1
+tcp_max_per_addr = 1
--- a/DESTDIR/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
+++ b/DESTDIR/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
@ -0,0 +1,122 @@
+#!/bin/bash
+set -e
+
+# detect running from git tree
+if [ -f ./common.sh ] && [ -f "$0" ]
+then
+	source common.sh
+else
+	source /usr/share/linux-infosec-setupper/common.sh
+fi
+
+_mk_pwquality_conf() {
+local failed=0
+while read -r line; do local "$line" || { error $"Unable to parse /etc/security/pwquality.conf correctly; execute \n%s" "rm ${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }; done < <(_pw_parse_conf)
+	while [ -n "$1" ]; do
+		case "$1" in
+			--difok) shift;
+				_check_argument_is_number "$1" "--difok" || failed=1
+				difok="$1"
+		;;
+			--minlen) shift;
+				_check_argument_value "$1" "6" "--minlen" || failed=1
+				minlen="$1"
+		;;
+			--dcredit) shift;
+				_check_argument_is_number "$1" "--dcredit" "-" || failed=1
+				dcredit="$1"
+		;;
+			--ucredit) shift;
+				_check_argument_is_number "$1" "--ucredit" "-" || failed=1
+				ucredit="$1"
+		;;
+			--lcredit) shift;
+				_check_argument_is_number "$1" "--lcredit" "-" || failed=1
+				lcredit="$1"
+		;;
+			--ocredit) shift;
+				_check_argument_is_number "$1" "--ocredit" "-" || failed=1
+				ocredit="$1"
+		;;
+			--minclass) shift;
+				_check_argument_is_number "$1" "--minclass" || failed=1
+				minclass="$1"
+		;;
+			--maxrepeat) shift;
+			 	_check_argument_is_number "$1" "--maxrepeat" || failed=1
+				maxrepeat="$1"
+		;;
+			--maxsequence) shift;
+				_check_argument_is_number "$1" "--maxsequence" || failed=1
+				maxsequence="$1"
+		;;
+			--maxclassrepeat) shift;
+				_check_argument_is_number "$1" "--maxclassrepeat" || failed=1
+				maxclassrepeat="$1"
+		;;
+			--gecoscheck) shift;
+				_check_argument_is_number "$1" "--gecoscheck" || failed=1
+				[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+				geoscheck="$1"
+		;;
+			--dictcheck) shift;
+				_check_argument_is_number "$1" "--dictcheck" || failed=1
+				[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+				dictcheck="$1"
+		;;
+			--usercheck) shift;
+				_check_argument_is_number "$1" "--usercheck" || failed=1
+				[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+				usercheck="$1"
+		;;
+			--usersubstr) shift;
+				_check_argument_is_number "$1" "--usersubstr" || failed=1
+				usersubstr="$1"
+		;;
+			--enforcing) shift;
+				_check_argument_is_number "$1" "--enforcing" || failed=1
+				[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+				enforcing="$1"
+		;;
+			--retry) shift;
+				_check_argument_is_number "$1" "--retry" || failed=1
+				retry="$1"
+		;;
+			--enforce_for_root) shift;
+				_check_argument_is_number "$1" "--enforce_for_root" || failed=1
+				[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+				enforce_for_root="$1"
+		;;
+			--local_users_only) shift;
+				_check_argument_is_number "$1" "--local_users_only" || failed=1
+				[[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+				local_users_only="$1"
+		;;
+		esac
+	shift
+	done
+	if [ "$failed" != 0 ]; then
+		return 1
+	fi
+cat <<EOF
+difok = $difok
+minlen = $minlen
+dcredit = $dcredit
+ucredit = $ucredit
+lcredit = $lcredit
+ocredit = $ocredit
+minclass = $minclass
+maxrepeat = $maxrepeat
+maxsequence = $maxsequence
+maxclassrepeat = $maxclassrepeat
+gecoscheck = $gecoscheck
+dictcheck = $dictcheck
+usercheck = $usercheck
+usersubstr = $usersubstr
+enforcing = $enforcing
+retry = $retry
+EOF
+# These parameters do not have keys (numbers after the = sign), so we work with them in a different way
+if [ "$enforce_for_root" == 1 ]; then echo "enforce_for_root"; fi
+if [ "$local_users_only" == 1 ]; then echo "local_users_only"; fi
+}
--- a/DESTDIR/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
+++ b/DESTDIR/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
@ -0,0 +1,26 @@
+# Generated by linux-infosec-setupper
+local_events="yes"
+log_file="."
+write_logs="yes"
+log_format="RAW"
+log_group="root"
+priority_boost="6"
+flush="incremental_async"
+freq="0"
+max_log_fileaction="rotate"
+num_logs="3"
+disp_qos="lossless"
+dispatcher=""
+distribute_network="no"
+name_format="hostname"
+name=""
+max_log_file="8"
+action_mail_acct=""
+space_left="10"
+space_left_action="syslog"
+disk_full_action="halt"
+disk_error_action="halt"
+tcp_listen_port="1"
+tcp_max_per_addr="1"
+systemd_allowed_ip_list=""
+systemd_denied_ip_list=""
--- a/stock/pw_default
+++ b/stock/pw_default
@ -0,0 +1,15 @@
+minlen = 8
+dcredit = 0
+ucredir = 0
+lcredit = 0
+ocredit = 0
+minclass = 0
+maxrepeat = 0
+maxsequence = 0
+maxclassrepeat = 0
+gecoscheck = 0
+dictcheck = 1
+usercheck = 1
+usersubstr = 0
+enforcing = 1
+retry = 1