From 3834526d85453d5897fcf0e08fde297e529b0798 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D0=B5=D0=BC=D0=B8=D0=B9?=
Date: Sun, 20 Jun 2021 15:23:33 +0300
Subject: [PATCH] reupload tmp trash
---
DESTDIR/etc/audit/auditd.conf | 21 +++
.../pwquality/back_pwquality.sh | 122 ++++++++++++++++++
.../audit/auditd-conf.sh | 26 ++++
stock/pw_default | 15 +++
4 files changed, 184 insertions(+)
create mode 100644 DESTDIR/etc/audit/auditd.conf
create mode 100644 DESTDIR/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
create mode 100644 DESTDIR/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
create mode 100644 stock/pw_default
diff --git a/DESTDIR/etc/audit/auditd.conf b/DESTDIR/etc/audit/auditd.conf
new file mode 100644
index 0000000..2e41fcd
--- /dev/null
+++ b/DESTDIR/etc/audit/auditd.conf
@@ -0,0 +1,21 @@
+# Generated by linux-infosec-setupper
+local_events = yes
+log_file = .
+write_logs = yes
+log_format = RAW
+log_group = root
+priority_boost = 6
+flush = incremental_async
+freq = 0
+max_log_fileaction = rotate
+num_logs = 3
+disp_qos = lossless
+distribute_network = no
+name_format = hostname
+max_log_file = 8
+space_left = 10
+space_left_action = syslog
+disk_full_action = halt
+disk_error_action = halt
+tcp_listen_port = 1
+tcp_max_per_addr = 1
diff --git a/DESTDIR/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh b/DESTDIR/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
new file mode 100644
index 0000000..87fd22c
--- /dev/null
+++ b/DESTDIR/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
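Review bot: `log_file = .` and `tcp_listen_port = 1` read like test values left in a generated file, and this hunk commits them under `DESTDIR/etc/audit/`. auditd expects `log_file` to be the full path of a regular file, and setting `tcp_listen_port` makes the daemon accept audit records from remote hosts, with no `tcp_client_ports` line visible here to narrow who may connect. If DESTDIR is what gets packaged (not visible in this patch), I would drop this file from the commit, or ship it with `log_file = /var/log/audit/audit.log` and without the `tcp_listen_port` and `tcp_max_per_addr` lines. `disk_full_action = halt` and `disk_error_action = halt` stop the machine when logging fails, so they deserve a comment line in the generated output saying that this is intended.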
@@ -0,0 +1,122 @@
+#!/bin/bash
+set -e
+
+# detect running from git tree
+if [ -f ./common.sh ] && [ -f "$0" ]
+then
+ source common.sh
+else
+ source /usr/share/linux-infosec-setupper/common.sh
+fi
+
+_mk_pwquality_conf() {
+local failed=0
+while read -r line; do local "$line" || { error $"Unable to parse /etc/security/pwquality.conf correctly; execute \n%s" "rm ${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }; done < <(_pw_parse_conf)
+ while [ -n "$1" ]; do
+ case "$1" in
+ --difok) shift;
+ _check_argument_is_number "$1" "--difok" || failed=1
+ difok="$1"
+ ;;
+ --minlen) shift;
+ _check_argument_value "$1" "6" "--minlen" || failed=1
+ minlen="$1"
+ ;;
+ --dcredit) shift;
+ _check_argument_is_number "$1" "--dcredit" "-" || failed=1
+ dcredit="$1"
+ ;;
+ --ucredit) shift;
+ _check_argument_is_number "$1" "--ucredit" "-" || failed=1
+ ucredit="$1"
+ ;;
+ --lcredit) shift;
+ _check_argument_is_number "$1" "--lcredit" "-" || failed=1
+ lcredit="$1"
+ ;;
+ --ocredit) shift;
+ _check_argument_is_number "$1" "--ocredit" "-" || failed=1
+ ocredit="$1"
+ ;;
+ --minclass) shift;
+ _check_argument_is_number "$1" "--minclass" || failed=1
+ minclass="$1"
+ ;;
+ --maxrepeat) shift;
+ _check_argument_is_number "$1" "--maxrepeat" || failed=1
+ maxrepeat="$1"
+ ;;
+ --maxsequence) shift;
+ _check_argument_is_number "$1" "--maxsequence" || failed=1
+ maxsequence="$1"
+ ;;
+ --maxclassrepeat) shift;
+ _check_argument_is_number "$1" "--maxclassrepeat" || failed=1
+ maxclassrepeat="$1"
+ ;;
+ --gecoscheck) shift;
+ _check_argument_is_number "$1" "--gecoscheck" || failed=1
+ [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+ geoscheck="$1"
+ ;;
+ --dictcheck) shift;
+ _check_argument_is_number "$1" "--dictcheck" || failed=1
+ [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct.
Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+ dictcheck="$1"
+ ;;
+ --usercheck) shift;
+ _check_argument_is_number "$1" "--usercheck" || failed=1
+ [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+ usercheck="$1"
+ ;;
+ --usersubstr) shift;
+ _check_argument_is_number "$1" "--usersubstr" || failed=1
+ usersubstr="$1"
+ ;;
+ --enforcing) shift;
+ _check_argument_is_number "$1" "--enforcing" || failed=1
+ [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+ enforcing="$1"
+ ;;
+ --retry) shift;
+ _check_argument_is_number "$1" "--retry" || failed=1
+ retry="$1"
+ ;;
+ --enforce_for_root) shift;
+ _check_argument_is_number "$1" "--enforce_for_root" || failed=1
+ [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+ enforce_for_root="$1"
+ ;;
+ --local_users_only) shift;
+ _check_argument_is_number "$1" "--local_users_only" || failed=1
+ [[ "$1" =~ (0|1) ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }
+ local_users_only="$1"
+ ;;
+ esac
+ shift
+ done
+ if [ "$failed" != 0 ]; then
+ return 1
+ fi
+cat <