Merge branch 'master' of ssh://srv1.dumalogiya.ru:3251/nixteam/linux-infosec-setupper

mikhailnov.sh

@@ -40,6 +40,8 @@ _audit_action_config(){
 _mk_systemd_auditd_override(){
 	local do_verify=1
 	if [ -z "$DESTDIR" ]; then do_verify=0; fi
+	# auditd.service: Command /sbin/auditd is not executable: Permission denied
+	if [ "$(id -u)" -ne 0 ] ; then do_verify=0; fi
 	# --IPAddressAllow=xxx --IPAddressDeny=xxx may be specified multiple times
 	local IPAddressAllow=""
 	local IPAddressDeny=""
@@ -96,7 +98,7 @@ EOF
 		fi
 	fi
 	if [ "$do_verify" = 1 ]; then
-		local systemd_analyze_result="$(systemd-analyze verify "$AUDIT_DAEMON_SYSTEMD_OVERRIDE" 2>&1)"
+		local systemd_analyze_result="$(systemd-analyze verify auditd.service 2>&1)"
 		if [ $? != 0 ]; then
 			error $"Systemd unit file auditd.service with setted up packet filtering has not passed verification!"
 			error $"The error was:"
@@ -409,7 +411,7 @@ _mk_auditd_config(){
 			# https://listman.redhat.com/archives/linux-audit/2019-April/msg00110.html
 
 			"--systemd-firewalling-params" ) shift;
-				_mk_systemd_auditd_override "$1"
+				_mk_systemd_auditd_override $*
 				shift
 			;;
 		esac

mikhailnov_test.sh

@@ -33,6 +33,8 @@ _main(){
     _mk_auditd_config || { echo failed test 5; failed="$((++failed))"; }
     [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 650f41086f25b6c0736bdc0323ca6267 ] || { echo failed test 6; failed="$((++failed))"; }
     ! _mk_auditd_config --local_events xuy || { echo failed test 7; failed="$((++failed))"; }
+    _mk_auditd_config --systemd-firewalling-params "--IPAddressDeny any --IPAddressAllow 192.168.10.1/24 --IPAddressAllow 192.168.20.1" || { echo failed test 8; failed="$((++failed))"; }
+    [ "$(md5sum "${DESTDIR}"/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf | awk '{print $1}')" = 27f8c93280d21e8b0d4b399ac234b663 ] || { echo failed test 9; failed="$((++failed))"; }
 }
 
 _main