add polkit policy to run from root, add more translations

3 years ago · dc5e9c1999
parent bba0c3cf9f
commit dc5e9c1999
6 changed files with 114 additions and 37 deletions
--- a/12
+++ b/12
@ -3,15 +3,19 @@ all:

 install:
 	# bin is for scripts which will run sbin/* via pkexec
-	#mkdir -p $(DESTDIR)/usr/bin
+	mkdir -p $(DESTDIR)/usr/bin
 	# sbin is for executables
 	mkdir -p $(DESTDIR)/usr/sbin
 	install -m0755 front_auditd_cli.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-auditd-cli
+	install -m0755 front_pwquality_cli.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-pwquality-cli
+	install -m0755 front_pwquality.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-pwquality-gui
 	mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper
 	mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/audit
-	#mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality
+	mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality
+	install -m0644 pw_default $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality/pw_default
 	install -m0644 common.sh $(DESTDIR)/usr/share/linux-infosec-setupper/common.sh
 	install -m0644 back_auditd.sh $(DESTDIR)/usr/share/linux-infosec-setupper/audit/back_auditd.sh
+	install -m0644 back_pwquality.sh $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
 	mkdir -p $(DESTDIR)/var/lib/linux-infosec-setupper
 	mkdir -p $(DESTDIR)/var/lib/linux-infosec-setupper/audit
 	#mkdir -p $(DESTDIR)/var/lib/linux-infosec-setupper/pwquality
@ -20,6 +24,10 @@ install:
 	mkdir -p $(DESTDIR)/usr/share/locale/ru/LC_MESSAGES
 	msgfmt -o $(DESTDIR)/usr/share/locale/ru/LC_MESSAGES/linux-infosec-setupper.mo po/ru.po

+	mkdir -p $(DESTDIR)/usr/share/polkit-1/actions
+	install -m0644 polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy $(DESTDIR)/usr/share/polkit-1/actions/
+	install -m0755 polkit/linux-infosec-setupper-pwquality-gui.sh $(DESTDIR)/usr/bin/linux-infosec-setupper-pwquality-gui
+
 rpm:
 	# https://stackoverflow.com/a/1909390
 	$(eval TMP := $(shell mktemp --suffix=.tar.gz))
--- a/linux-infosec-setupper.spec
+++ b/linux-infosec-setupper.spec
@ -1,7 +1,7 @@
 Name: linux-infosec-setupper
 Summary: CLI and GUI utilities to setup information security-related parts of Linux
 License: GPLv3
-Group: System/Base
+Group: System/Configuration/Other
 Version: 0.1
 Release: 1
 Source0: %{name}-%{version}.tar.gz
@ -17,7 +17,7 @@ BuildRequires: gettext

 %package common
 Summary: Common parts for subpackages of %{name}
-Group: System/Base
+Group: System/Configuration/Other
 Requires: awk
 Requires: bash
 Requires: coreutils
@ -37,7 +37,7 @@ Common parts for subpackages of %{name}

 %package auditd-cli
 Summary: CLI and backend to setup auditd configs
-Group: System/Base
+Group: System/Configuration/Other
 Requires: %{name}-common = %{version}-%{release}
 Requires: audit

@ -53,6 +53,48 @@ CLI and backend to setup auditd configs

 #-----------------------------------------------------------------------------------

+%package pwquality-cli
+Summary: CLI and backend to setup pwquality configs
+Group: System/Configuration/Other
+Requires: %{name}-common = %{version}-%{release}
+%if 0%{mdvver}
+Requires: pam_pwquality
+Requires: libpwquality-common
+%else
+# redhat
+Requires: libpwquality
+%endif
+
+%description pwquality-cli
+CLI and backend to setup pwquality configs
+
+%files pwquality-cli
+%{_sbindir}/linux-infosec-setupper-pwquality-cli
+%dir %{_datadir}/linux-infosec-setupper/pwquality
+%{_datadir}/linux-infosec-setupper/pwquality/back_pwquality.sh
+%{_datadir}/linux-infosec-setupper/pwquality/pw_default
+%dir %attr(0700,root,root) /var/lib/linux-infosec-setupper/pwquality
+%ghost /var/lib/linux-infosec-setupper/pwquality/pw_changed
+
+#-----------------------------------------------------------------------------------
+
+%package pwquality-gui
+Summary: GUI to setup pwquality configs
+Group: System/Configuration/Other
+Requires: %{name}-pwquality-cli = %{version}-%{release}
+Requires: yad
+Recommends: polkit
+
+%description pwquality-gui
+GUI to setup pwquality configs
+
+%files pwquality-gui
+%{_sbindir}/linux-infosec-setupper-pwquality-gui
+%{_bindir}/linux-infosec-setupper-pwquality-gui
+%{_datadir}/polkit-1/actions/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy
+
+#-----------------------------------------------------------------------------------
+
 %prep
 %autosetup -p1 -c

@ -64,7 +106,9 @@ CLI and backend to setup auditd configs

 # ghost files
 mkdir -p %{buildroot}/var/lib/linux-infosec-setupper/audit/
+mkdir -p %{buildroot}/var/lib/linux-infosec-setupper/pwquality/
 touch %{buildroot}/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
+touch %{buildroot}/var/lib/linux-infosec-setupper/pwquality/pw_changed

 %check
 bash -x ./test_back_auditd.sh
--- a/po/ru.po
+++ b/po/ru.po
@ -104,88 +104,87 @@ msgstr ""
 #: ../back_pwquality.sh:59 ../back_pwquality.sh:64 ../back_pwquality.sh:69
 #: ../back_pwquality.sh:78 ../back_pwquality.sh:87 ../back_pwquality.sh:92
 msgid "The received parameters are not correct. Expected %s, received %s"
-msgstr ""
+msgstr "полученные параметры неправильны. Ожидалось %s, а получено %s"

 #: ../back_pwquality.sh:59 ../back_pwquality.sh:64 ../back_pwquality.sh:69
 #: ../back_pwquality.sh:78 ../back_pwquality.sh:87 ../back_pwquality.sh:92
 msgid "0 or 1"
-msgstr ""
+msgstr "0 или 1"

 #: ../common.sh:49
-#, fuzzy
 msgid "Argument to %s must be a number"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значением %s должно быть число"

 #: ../common.sh:58
 #, fuzzy
 msgid "Argument to %s must be greater than %s"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значение %s должно быть больше значения %s"

 #: ../common.sh:69
 msgid "Argument to %s must be a string without spaces"
-msgstr ""
+msgstr "Значение %s должно быть строкой без пробелов"

 #: ../common.sh:83
-#, fuzzy
 msgid "Value of %s is empty, set yes or no"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значение %s пусто, задайте yes или no"

 #: ../common.sh:87
 msgid "String %s is not a boolean, set yes or no"
-msgstr ""
+msgstr "Строка %s не является булеановым значением, задайте yes или no"

 #: ../common.sh:98
-#, fuzzy
 msgid "Value of %s must be a non-negative number"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значение %s должно быть целым числом больше нуля"

 #: ../common.sh:105
 msgid "%s is not a correct email"
-msgstr ""
+msgstr "%s не является валидным адресом электропочты"

 #: ../front_auditd_cli.sh:17
 msgid "This is generator of auditd config"
-msgstr ""
+msgstr "Это генератор конфига auditd"

 #: ../front_auditd_cli.sh:18
 msgid "Run as: %s [--parameter value] [--parameter value]"
-msgstr ""
+msgstr "Запускайте его так: %s [--параметр значение] [--параметр значение]"

 #: ../front_auditd_cli.sh:19
 msgid "Supported parameters of auditd and their default values are:"
-msgstr ""
+msgstr "Поддерживаемые параметров auditd и их значения по умолчанию таковы:"

 #: ../front_pwquality_cli.sh:18 ../front_pwquality_cli.sh:19
 #: ../front_pwquality_cli.sh:83 ../front_pwquality.sh:19
 #: ../front_pwquality.sh:20 ../front_pwquality.sh:87 ../front_pwquality.sh:119
 msgid "Unable to write to file %s"
-msgstr ""
+msgstr "Невозможно записать в файл %s"

 #: ../front_pwquality_cli.sh:37
 msgid "No arguments specified"
-msgstr ""
+msgstr "Не передано никаких аргументов"

 #: ../front_pwquality_cli.sh:42
 msgid "Usage: #NAME# --[OPTIONS...]"
-msgstr ""
+msgstr "Использование: #NAME# --[OPTIONS...]"

 #: ../front_pwquality_cli.sh:43
 msgid "  example: #NAME# --difok 6"
-msgstr ""
+msgstr "  пример: #NAME# --difok 6"

 #: ../front_pwquality_cli.sh:44
 msgid "  example: #NAME# d 6"
-msgstr ""
+msgstr "   пример: #NAME# d 6"

 #: ../front_pwquality_cli.sh:45
 msgid ""
 "#NAME# allows you to manage the file configuration for pwquality in the cli "
 "option. A GUI version is also available: #NAME2#"
 msgstr ""
+"#NAME# позволяет управлять конфигом pwquality через cli. "
+"Также доступна гарфическая версия: #NAME2#"

 #: ../front_pwquality_cli.sh:47
 msgid "  Options:"
-msgstr ""
+msgstr "  Параметры:"

 #: ../front_pwquality_cli.sh:48
 msgid ""
@ -296,7 +295,7 @@ msgstr ""

 #: ../front_pwquality.sh:31
 msgid "Unable to set variable %s"
-msgstr ""
+msgstr "Невозможно установить переменную %s"

 #: ../front_pwquality.sh:37
 msgid "linux-infosec-setupper"
@ -304,11 +303,11 @@ msgstr ""

 #: ../front_pwquality.sh:37
 msgid "<span size='xx-large' weight='bold'>Password policies setup</span>"
-msgstr ""
+msgstr "<span size='xx-large' weight='bold'>Настройка политики сложности паролей</span>"

 #: ../front_pwquality.sh:37
 msgid "Load defaults!view-refresh:3"
-msgstr ""
+msgstr "Сбросить настройки!view-refresh:3"

 #: ../front_pwquality.sh:37
 msgid "yad-save:0"
@ -323,6 +322,7 @@ msgid ""
 "Number of characters in the new password that must not be present in the old "
 "password::LBL"
 msgstr ""
+"Количество символов из нового пароля, которых не должно быть в старом пароле::LBL"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (difok)${_tag2}:NUM"
@ -330,7 +330,7 @@ msgstr ""

 #: ../front_pwquality.sh:37
 msgid "Minimum acceptable size for the new password::LBL"
-msgstr ""
+msgstr "Минимальный допустимый размер нового пароля::LBL"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (minlen)${_tag2}:NUM"
@ -338,7 +338,7 @@ msgstr ""

 #: ../front_pwquality.sh:37
 msgid "The maximum credit for having digits in the new password::LBL"
-msgstr ""
+msgstr "Максималньый кредит на цифры в новом пароле::LBL"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (dcredit)${_tag2}:NUM"
@ -347,7 +347,7 @@ msgstr ""
 #: ../front_pwquality.sh:37
 msgid ""
 "The maximum credit for having uppercase characters in the new password::LBL"
-msgstr ""
+msgstr "Максимальный кредит на заглавные буквы в новом пароле::LBL"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (ucredit)${_tag2}:NUM"
@ -356,7 +356,7 @@ msgstr ""
 #: ../front_pwquality.sh:37
 msgid ""
 "The maximum credit for having lowercase characters in the new password::LBL"
-msgstr ""
+msgstr "Максимальный кредит на строчные буквы в новом пароле::LBL"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (lcredit)${_tag2}:NUM"
@ -364,7 +364,7 @@ msgstr ""

 #: ../front_pwquality.sh:37
 msgid "The maximum credit for having other characters in the new password::LBL"
-msgstr ""
+msgstr "Максимальный кредит на осталньые символы в новом пароле"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (ocredit)${_tag2}:NUM"
@ -374,7 +374,7 @@ msgstr ""
 msgid ""
 "The minimum number of required classes of characters for the new password::"
 "LBL"
-msgstr ""
+msgstr "Минимальное необходимое кол-во типов символов в новом пароле::LBL"

 #: ../front_pwquality.sh:37
 msgid "${_tag1}Value (minclass)${_tag2}:NUM"
--- a/polkit/linux-infosec-setupper-pwquality-gui.sh
+++ b/polkit/linux-infosec-setupper-pwquality-gui.sh
@ -0,0 +1,2 @@
+#!/bin/sh
+pkexec /usr/sbin/linux-infosec-setupper-pwquality-gui $@
--- a/polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy
+++ b/polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy
@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+    <vendor>NixTux</vendor>
+    <vendor_url>https://nixtux.ru</vendor_url>
+    <icon_name>gcr-key</icon_name>
+    <action id="org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui">
+
+	<description>GUI to setup pwquality configs</description>
+	<description xml:lang="ru">Графический инструмент для настройки политики сложности паролей</description>
+	<message>Enter password to run it</message>
+	<message xml:lang="ru">Введите пароль для запуска</message>
+	<defaults>
+	<allow_any>auth_admin</allow_any>
+	<allow_inactive>auth_admin</allow_inactive>
+	<allow_active>auth_admin</allow_active>
+	</defaults>
+	<annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/linux-infosec-setupper-pwquality-gui</annotate>
+	<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+    </action>
+</policyconfig>
--- a/test_back_auditd.sh
+++ b/test_back_auditd.sh
@ -29,9 +29,9 @@ _main(){
 	  [ "$(md5sum "${DESTDIR}"/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf | awk '{print $1}')" = 27f8c93280d21e8b0d4b399ac234b663 ] ;} || \
    { echo failed test 2; failed="$((++failed))"; }
    _mk_auditd_config --log_group root || { echo failed test 3; failed="$((++failed))"; }
-    [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 86564ff0e5e2137f49415186487f0152 ] || { echo failed test 4; failed="$((++failed))"; }
+    [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 83a7bb6d8d24378e398d597430e27f0e ] || { echo failed test 4; failed="$((++failed))"; }
    _mk_auditd_config || { echo failed test 5; failed="$((++failed))"; }
-    [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 86564ff0e5e2137f49415186487f0152 ] || { echo failed test 6; failed="$((++failed))"; }
+    [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 83a7bb6d8d24378e398d597430e27f0e ] || { echo failed test 6; failed="$((++failed))"; }
    ! _mk_auditd_config --local_events xuy || { echo failed test 7; failed="$((++failed))"; }
    _mk_auditd_config --systemd-firewalling-params "--IPAddressDeny any --IPAddressAllow 192.168.10.1/24 --IPAddressAllow 192.168.20.1" || { echo failed test 8; failed="$((++failed))"; }
    [ "$(md5sum "${DESTDIR}"/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf | awk '{print $1}')" = 27f8c93280d21e8b0d4b399ac234b663 ] || { echo failed test 9; failed="$((++failed))"; }