Merge branch 'master' of ssh://srv1.dumalogiya.ru:3251/nixteam/linux-infosec-setupper

1

@@ -1,7 +0,0 @@
-#!/bin/bash
-lol() {
-	echo "$@"
-	echo -----
-	echo "$*"
-}
-lol $(echo -e "1\n2\n3")

back_pwquality.sh

@@ -7,7 +7,7 @@ _mk_pwquality_conf() {
 	local difok=1 \
 	      minlen=8 \
 	      dcredit=0 \
-	      uncredit=0 \
+	      ucredit=0 \
 	      lcredit=0 \
 	      ocredit=0 \
 	      minclass=0 \
@@ -27,9 +27,123 @@ _mk_pwquality_conf() {
 	while [ -n "$1" ]; do
 		case "$1" in
 			--difok) shift;
-				 _check_argument "$1" "--difok"
-				 ;;
-			--minlen)
-		 esac
-	 done
- }
+				_check_argument_is_number "$1" "--difok"
+				difok="$1"
+				shift
+		;;
+			--minlen) shift;
+				_check_argument_value "$1" "6" "--minlen"
+				minlen="$1"
+				shift
+		;;
+			--dcredit) shift;
+				_check_argument_is_number "$1" "--dcredit" "-"
+				dcredit="$1"
+				shift
+		;;
+			--ucredit) shift;
+				_check_argument_is_number "$1" "--ucredit" "-"
+				ucredit="$1"
+				shift
+		;;
+			--lcredit) shift;
+				_check_argument_is_number "$1" "--lcredit" "-"
+				lcredit="$1"
+				shift
+		;;
+			--ocredit) shift;
+				_check_argument_is_number "$1" "--ocredit" "-"
+				ocredit="$1"
+				shift
+		;;
+			--minclass) shift;
+				_check_argument_is_number "$1" "--minclass"
+				minclass="$1"
+				shift
+		;;
+			--maxrepeat) shift;
+			 	_check_argument_is_number "$1" "--maxrepeat"
+				maxrepeat="$1"
+				shift
+		;;
+			--maxsequence) shift;
+				_check_argument_is_number "$1" "--maxsequence"
+				maxsequence="$1"
+				shift
+		;;
+			--maxclassrepeat) shift;
+				_check_argument_is_number "$1" "--maxclassrepeat"
+				maxclassrepeat="$1"
+		;;
+			--gecoscheck) shift;
+				_check_argument_is_number "$1" "--gecoscheck"
+				[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
+				geoscheck="$1"
+				shift
+		;;
+			--dictcheck) shift;
+				_check_argument_is_number "$1" "--dictcheck"
+				[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
+				dickcheck="$1"
+				shift
+		;;
+			--usercheck) shift;
+				echo 1
+				_check_argument_is_number "$1" "--usercheck"
+				echo 2
+				[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
+				echo 3
+				usercheck="$1"
+				echo 4
+				shift
+		;;
+			--usersubstr) shift;
+				_check_argument_is_number "$1" "--usersubstr"
+				usersubstr="$1"
+				shift
+		;;
+			--enforcing) shift;
+				_check_argument_is_number "$1" "--enforcing"
+				[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
+				enforcing="$1"
+				shift
+		;;
+			--retry) shift;
+				_check_argument_is_number "$1" "--retry"
+				shift
+		;;
+			--enforce_for_root) shift;
+				_check_argument_is_number "$1" "--enforce_for_root"
+				[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
+				enforce_for_root="$1"
+				shift
+		;;
+			--local_users_only) shift;
+				_check_argument_is_number "$1" "--local_users_only"
+				[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
+				local_users_only="$1"
+				shift
+		;;
+		esac
+	done
+cat <<EOF
+difok = $difok
+minlen = $minlen
+dcredit = $dcredit
+ucredit = $ucredit
+lcredit = $lcredit
+ocredit = $ocredit
+minclass = $minclass
+maxrepeat = $maxrepeat
+maxsequence = $maxsequence
+maxclassrepeat = $maxclassrepeat
+gecoscheck = $gecoscheck
+dictcheck = $dictcheck
+usercheck = $usercheck
+usersubstr = $usersubstr
+enforcing = $enforcing
+retry = $retry
+EOF
+[ "$enforce_for_root" == 1 ] && echo "enforce_for_root"
+[ "$local_users_only" == 1 ] && echo "local_users_only"
+}

common.sh

@@ -17,6 +17,9 @@ _check_argument_is_number() {
 	if [[ "$1" == [0-9]* ]]; then
 		return 0
 	else
+		if [ -n "$3" ]; then
+			grep -Exq -- "(\-|\+)[0-9]*" <<< "$1" && return 0
+		fi
 		error $"Argument to %s must be a number" "$2"
 		return 1
 	fi

stock/pwquality.conf

@@ -1,79 +0,0 @@
-# Configuration for systemwide password quality limits
-# Defaults:
-#
-# Number of characters in the new password that must not be present in the
-# old password.
-# difok = 1
-#
-# Minimum acceptable size for the new password (plus one if
-# credits are not disabled which is the default). (See pam_cracklib manual.)
-# Cannot be set to lower value than 6.
-# minlen = 8
-#
-# The maximum credit for having digits in the new password. If less than 0
-# it is the minimum number of digits in the new password.
-# dcredit = 0
-#
-# The maximum credit for having uppercase characters in the new password.
-# If less than 0 it is the minimum number of uppercase characters in the new
-# password.
-# ucredit = 0
-#
-# The maximum credit for having lowercase characters in the new password.
-# If less than 0 it is the minimum number of lowercase characters in the new
-# password.
-# lcredit = 0
-#
-# The maximum credit for having other characters in the new password.
-# If less than 0 it is the minimum number of other characters in the new
-# password.
-# ocredit = 0
-#
-# The minimum number of required classes of characters for the new
-# password (digits, uppercase, lowercase, others).
-# minclass = 0
-#
-# The maximum number of allowed consecutive same characters in the new password.
-# The check is disabled if the value is 0.
-# maxrepeat = 0
-#
-# The maximum number of allowed consecutive characters of the same class in the
-# new password.
-# The check is disabled if the value is 0.
-# maxclassrepeat = 0
-#
-# Whether to check for the words from the passwd entry GECOS string of the user.
-# The check is enabled if the value is not 0.
-# gecoscheck = 0
-#
-# Whether to check for the words from the cracklib dictionary.
-# The check is enabled if the value is not 0.
-# dictcheck = 1
-#
-# Whether to check if it contains the user name in some form.
-# The check is enabled if the value is not 0.
-# usercheck = 1
-#
-# Length of substrings from the username to check for in the password
-# The check is enabled if the value is greater than 0 and usercheck is enabled.
-# usersubstr = 0
-#
-# Whether the check is enforced by the PAM module and possibly other
-# applications.
-# The new password is rejected if it fails the check and the value is not 0.
-# enforcing = 1
-#
-# Path to the cracklib dictionaries. Default is to use the cracklib default.
-# dictpath =
-#
-# Prompt user at most N times before returning with error. The default is 1.
-# retry = 3
-#
-# Enforces pwquality checks on the root user password.
-# Enabled if the option is present.
-# enforce_for_root
-#
-# Skip testing the password quality for users that are not present in the
-# /etc/passwd file.
-# Enabled if the option is present.
-# local_users_only

test_common.sh

@@ -6,13 +6,13 @@ TESTING=1
 
 . ./common.sh
 
-_check_argument_is_number 123 "this" || failed="$((++failed))"
+! _check_argument_is_number 123 "this" && failed="$((++failed))"
 _check_argument_is_number NotNumber "this" && failed="$((++failed))"
 
-_check_argument_value 8 7 "this" || failed="$((++failed))"
+! _check_argument_value 8 7 "this" && failed="$((++failed))"
 _check_argument_value 1 7 "this" && failed="$((++failed))"
 
-_check_argument_is_string "Hello" "this" || failed="$((++failed))"
+! _check_argument_is_string "Hello" "this" && failed="$((++failed))"
 _check_argument_is_string "Hello world" "this" && failed="$((++failed))"