From f29ada6c12380391650fad4be66e1480607be68f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D0=B5=D0=BC=D0=B8=D0=B9?= Date: Sun, 20 Jun 2021 14:50:13 +0300 Subject: [PATCH] Rework front audit gui --- back_auditd.sh | 1 + common.sh | 4 ++++ front_auditd.sh | 31 ++++++++++++++++++------------- front_pwquality.sh | 8 ++++---- 4 files changed, 27 insertions(+), 17 deletions(-) diff --git a/back_auditd.sh b/back_auditd.sh index 667f6be..010842e 100755 --- a/back_auditd.sh +++ b/back_auditd.sh @@ -166,6 +166,7 @@ _mk_auditd_config(){ "--local_events" ) shift; _check_argument_is_boolean "$1" "local_events" || failed=1 local_events="$1" + shift; ;; # We recommend using default /var/log/audit/audit.log to avoid mess # with SELinux, log rotation (auditd rotates the log by itself by default diff --git a/common.sh b/common.sh index d6dd39c..3598a5d 100644 --- a/common.sh +++ b/common.sh @@ -116,3 +116,7 @@ _pw_parse_conf() { esac done < "${DESTDIR}/etc/security/pwquality.conf" } +_yad_error() { + yad --form --image=dialog-error --text="Error" --title="Error" --field="$@:LBL" --button="yad-close:1" --width=100 --height=100 --scroll + return 1 +} diff --git a/front_auditd.sh b/front_auditd.sh index b87c2bd..e5d07d2 100644 --- a/front_auditd.sh +++ b/front_auditd.sh @@ -13,7 +13,7 @@ else fi if ! [ -f "${VAR_DIR_AUDIT}/auditd-conf.sh}" ]; then - _mk_auditd_config || { error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } + _mk_auditd_config || { _yad_error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } fi source "${VAR_DIR_AUDIT}/auditd-conf.sh" || exit 1 
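Review bot: `--field="$@:LBL"` in the new `_yad_error` does not build one message: with several arguments `"$@"` expands to separate words, so only the first argument lands in `--field=` and only the last one gets the `:LBL` suffix. Every caller in this patch passes a printf-style format plus a path, so the dialog would show a literal `%s` and the path would reach yad as a stray argument. Format first and pass a single string, e.g. `local msg; printf -v msg -- "$@"` followed by `--field="${msg}:LBL"`. A short header comment stating that the helper takes printf-style arguments and always returns 1 would also help.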
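Review bot: The context line `[ -f "${VAR_DIR_AUDIT}/auditd-conf.sh}" ]` in the front_auditd.sh hunk at -13,7 has a stray `}` inside the quotes, so the test looks for a file whose name ends in `}` and will almost certainly never find it. `_mk_auditd_config` therefore runs on every start; if that call regenerates the file (not visible here), a saved audit configuration would be replaced each time the GUI opens. The path should read `"${VAR_DIR_AUDIT}/auditd-conf.sh"`. The message "Unable to read file" also does not match a step that creates the file.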
@@ -22,7 +22,7 @@ source "${VAR_DIR_AUDIT}/auditd-conf.sh" || exit 1 # We change the following parameters no to FALSE and yes to TRUE for i in local_events write_logs distribute_network; do # The variables have the same name as the lines in the config - eval 'if [[ $'$i' == "yes" ]]; then declare $i=TRUE; else declare $i=FALSE; fi' || { error $"Unable to set variable %s" "$i"; exit 1; } + eval 'if [[ $'$i' == "yes" ]]; then declare $i=TRUE; else declare $i=FALSE; fi' || { _yad_error $"Unable to set variable %s" "$i"; exit 1; } done _tag1="" @@ -48,13 +48,13 @@ yad --plug=$_NUMBER --tabnum=1 --form \ --field=$"Local events::LBL" "!" \ --field=$"(Status) Local events:CHK" "${local_events:-FALSE}" \ --field=$"Log file::LBL" "!" \ - --field=$"${_tag1}(String) Log file${_tag2}:SFL" "${log_file}" \ + --field=$"${_tag1}(String) Log file${_tag2}:SFL" "${log_file:-@}" \ --field=$"Write logs::LBL" "!" \ --field=$"(Status) Write logs:CHK" "${write_logs:-FALSE}" \ --field=$"Log format::LBL" "!" \ --field=$"${_tag1}(Value) Log format${_tag2}:CB" "$(if [ -n "$log_format" ]; then echo "RAW!ENRICHED!" | sed "s/$log_format\!/\^$log_format\!/g;s/\!\$//"; else echo "RAW!ENRICHED"; fi)" \ --field=$"Log group::LBL" "!" \ - --field=$"${_tag1}(String) Log group${_tag2}" "${log_group}" \ + --field=$"${_tag1}(String) Log group${_tag2}" "${log_group:-@}" \ --field=$"Priority boost::LBL" "!" \ --field=$"${_tag1}(Value) Priority boost${_tag2}:NUM" "${priority_boost:-0}!" \ --field=$"Flush::LBL" "!" \ 
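Review bot: The `eval` on the changed line is not needed, and its `||` branch is unlikely ever to fire, because the `if … fi` it evaluates returns the status of a plain `declare` assignment. The loop names are a fixed list, so this is not an injection path today, but indirect expansion says the same thing without re-parsing text: `if [[ ${!i} == yes ]]; then printf -v "$i" TRUE; else printf -v "$i" FALSE; fi`. The same construct appears in the front_pwquality.sh hunk at -24,13.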
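Review bot: The `@` placeholder that `${log_file:-@}` and `${log_group:-@}` put into empty fields (hunk at -48,13) is undocumented, and nothing in this patch turns it back into an empty value. It presumably exists so that the later unquoted `$var2` keeps one word per option, but unless `_mk_auditd_config` strips it (not visible here) a literal `@` would be stored as the log file or log group. A comment above the yad call such as `# "@" marks an empty field; _mk_auditd_config must map it back to ""` would record the contract. The same placeholder is used in the hunks at -68,17 and -99,8.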
@@ -68,17 +68,17 @@ yad --plug=$_NUMBER --tabnum=1 --form \ --field=$"Disp Qos::LBL" "!" \ --field=$"${_tag1}(Value) Disp Qos${_tag2}:CB" "$(if [ -n "$disp_qos" ]; then echo "lossy!lossless!" | sed "s/$disp_qos\!/\^$disp_qos\!/g;s/\!\$//"; else echo "lossy!lossless"; fi)" \ --field=$"Dispatcher::LBL" "!" \ - --field=$"${_tag1}(String) dispatcher${_tag2}:SFL" "${dispatcher}" \ + --field=$"${_tag1}(String) dispatcher${_tag2}:SFL" "${dispatcher:-@}" \ --field=$"Distribute network::LBL" "!" \ --field=$"(Status) Distribute network:CHK" "${distribute_network:-FALSE}" \ --field=$"Name format::LBL" "!" \ --field=$"${_tag1}(Value) Name format${_tag2}:CB" "$(if [ -n "$name_format" ]; then echo "none!hostname!fqd!numeric!user!" | sed "s/$name_format\!/\^$name_format\!/g;s/\!\$//"; else echo "none!hostname!fqd!numeric!user"; fi)" \ --field=$"Name::LBL" "!" \ - --field=$"${_tag1}(String) Name${_tag2}" "${name}" \ + --field=$"${_tag1}(String) Name${_tag2}" "${name:-@}" \ --field=$"Max log file::LBL" "!" \ --field=$"${_tag1}(Value) Max log file${_tag2}:NUM" "${max_log_file:-0}!" \ --field=$"Action Mail Acct::LBL" "!" \ - --field=$"${_tag1}(String) Action Mail Acct${_tag2}:" "${action_mail_acct}" \ + --field=$"${_tag1}(String) Action Mail Acct${_tag2}:" "${action_mail_acct:-@}" \ --field=$"Space left::LBL" "!" \ --field=$"${_tag1}(Value) Space left${_tag2}:NUM" "${space_left:-0}!" \ --field=$"Space left action::LBL" "!" \ 
@@ -99,8 +99,8 @@ yad --plug=$_NUMBER --tabnum=2 --form \ --field=$"Tcp max per addr::LBL" "!" \ --field=$"${_tag1}(Value) Tcp max per addr${_tag2}::NUM" "${tcp_max_per_addr_port:-1}!1..65535!1" \ --field=$"Systemd firewalling params:LBL" "!" \ - --field=$"${_tag1}(Value) Allowed IPs${_tag2}::TXT" "$(echo -e "${systemd_allowed_ip_list// /\\n}")" \ - --field=$"${_tag1}(Value) Denied IPs${_tag2}::TXT" "$(echo -e "${systemd_denied_ip_list// /\\n}")" &>"$_temp_file2" & + --field=$"${_tag1}(Value) Allowed IPs${_tag2}::TXT" "$(if [ -z "$systemd_allowed_ips" ]; then echo "@"; else echo -e "${systemd_allowed_ip_list// /\\n}"; fi)" \ + --field=$"${_tag1}(Value) Denied IPs${_tag2}::TXT" "$(if [ -z "$systemd_allowed_ips" ]; then echo "@"; else echo -e "${systemd_denied_ip_list// /\\n}"; fi)" &>"$_temp_file2" & #systemd-firewalling-params yad --key=$_NUMBER --notebook --stack --expand --tab=$"Audit" --tab=$"Network" \ @@ -112,7 +112,7 @@ yad --key=$_NUMBER --notebook --stack --expand --tab=$"Audit" --tab=$"Network" \ # If we clicked on the "Load default" button, we decided to restore the settings. # The exit code after clicking on this button is 3. We restore the config if we clicked on this button if [ "$_status" == 3 ]; then - _mk_auditd_config || { error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } + _mk_auditd_config || { _yad_error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } fi @@ -120,8 +120,12 @@ var="$(<"$_temp_file1")$(<"$_temp_file2")" # If we decide to undo the changes and not change anything, the var variable will be empty. [ -z "$var" ] && exit 0 - # The default delimiter in yad is | +while read -rd '|' line; do + echo $line +done <<<"$var" | sed '/^$/d' +#exit 0 + var2="$(while read -rd '|' line; do echo $line done <<<"$var" | sed '/^$/d' | \ 
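Review bot: Both new `if` tests check `$systemd_allowed_ips`, while the values shown come from `systemd_allowed_ip_list` and `systemd_denied_ip_list`. Unless a variable with the shorter name is set somewhere outside this diff, both fields always show `@` and the stored allow and deny lists are never displayed, so saving the form could replace them. Each test should use its own list: `[ -z "$systemd_allowed_ip_list" ]` for the first field and `[ -z "$systemd_denied_ip_list" ]` for the second.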
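Review bot: The added `while read -rd '|' line; do echo $line; done` loop and the commented `#exit 0` in the hunk at -120,8 look like debugging leftovers; they print every form value to stdout before the real pipeline runs. The unquoted `echo $line` also word-splits and glob-expands what the user typed. I would drop the loop, together with the `echo "$var2"` added in the hunk at -153,5, or send the output to stderr behind a debug switch.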
@@ -153,5 +157,6 @@ done <<<"$var" | sed '/^$/d' | \ ;24s/^/--systemd_allowed_ip_list / ;25s/^/--systemd_denied_ip_list /' | tr '\n' ' ')" set -e -_mk_auditd_config $var2 || { error $"Unable to write to file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } -_write_auditd_config || { error $"Unable to write to file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } +echo "$var2" +_mk_auditd_config $var2 || { _yad_error $"Unable to write to file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } +_write_auditd_config || { _yad_error $"Unable to write to file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } diff --git a/front_pwquality.sh b/front_pwquality.sh index 7ac8251..d3b5a41 100644 --- a/front_pwquality.sh +++ b/front_pwquality.sh @@ -24,13 +24,13 @@ fi # In case the config was changed manually, or there were errors in it, # we check whether everything can be parsed correctly, and if not, it outputs an error -while read -r line; do declare "$line" || { error $"Unable to parse %s correctly; execute \n%s" "${VAR_DIR_PWQUALITY}/pw_changed" "rm ${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }; done < <(_pw_parse_conf) +while read -r line; do declare "$line" || { _yad_error $"Unable to parse %s correctly; execute \n%s" "${VAR_DIR_PWQUALITY}/pw_changed" "rm ${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }; done < <(_pw_parse_conf) # For yad checkboxes, the words TRUE or FALSE are required. # We change the following parameters 0 to FALSE and 1 to TRUE for i in gecoscheck enforce_for_root local_users_only dictcheck usercheck enforcing; do # The variables have the same name as the lines in the config - eval 'if [[ $'$i' == 1 ]]; then declare $i=TRUE; else declare $i=FALSE; fi' || { error $"Unable to set variable %s" "$i"; exit 1; } + eval 'if [[ $'$i' == 1 ]]; then declare $i=TRUE; else declare $i=FALSE; fi' || { _yad_error $"Unable to set variable %s" "$i"; exit 1; } done _tag1="" 
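Review bot: `_mk_auditd_config $var2` passes the form contents unquoted, so every value is word-split and glob-expanded before the option parser sees it. A path or name containing a space shifts all following arguments, a `*` can expand against the current directory, and a second word that begins with `--` would be read as an option name. Collecting the option/value pairs in an array and calling `_mk_auditd_config "${args[@]}"` would avoid that; the pipeline that builds `var2` starts outside this hunk. `_mk_pwquality_conf $var2` in front_pwquality.sh (-117,4) has the same form.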
@@ -86,7 +86,7 @@ var="$(yad --title="linux-infosec-setupper: pwquality" --form \ # If we clicked on the "Load default" button, we decided to restore the settings. # The exit code after clicking on this button is 3. We restore the config if we clicked on this button if [ "$_status" == 3 ]; then - cat "$PW_DEFAULT" > "${DESTDIR}/etc/security/pwquality.conf" || { error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; } + cat "$PW_DEFAULT" > "${DESTDIR}/etc/security/pwquality.conf" || { _yad_error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; } fi # If we decide to undo the changes and not change anything, the var variable will be empty. @@ -117,4 +117,4 @@ done <<<"$var" | sed '/^$/d' | \ ;17s/^/--enforce_for_root / ;18s/^/--local_users_only /' | tr '\n' ' ')" -_mk_pwquality_conf $var2 > "${DESTDIR}/etc/security/pwquality.conf" || { error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; } +_mk_pwquality_conf $var2 > "${DESTDIR}/etc/security/pwquality.conf" || { _yad_error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; }
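Review bot: Both writes to `pwquality.conf` redirect straight into the live file, so the shell truncates it before `cat` (-86,7) or `_mk_pwquality_conf` (-117,4) has produced anything. If either command fails, the password-quality policy file is left empty or partial and only a dialog reports it. Writing to a temporary file in the same directory and renaming it over the target on success keeps the old policy in place, e.g. `tmp=$(mktemp "${DESTDIR}/etc/security/pwquality.conf.XXXXXX") && cat "$PW_DEFAULT" > "$tmp" && mv -- "$tmp" "${DESTDIR}/etc/security/pwquality.conf"`. The original file mode would need to be restored on the new file, since `mktemp` creates it owner-only.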