diff --git a/Makefile b/Makefile
index 43056e3..13c5d0b 100644
--- a/Makefile
+++ b/Makefile
@@ -3,15 +3,19 @@ all:
install:
# bin is for scripts which will run sbin/* via pkexec
- #mkdir -p $(DESTDIR)/usr/bin
+ mkdir -p $(DESTDIR)/usr/bin
# sbin is for executables
mkdir -p $(DESTDIR)/usr/sbin
install -m0755 front_auditd_cli.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-auditd-cli
+ install -m0755 front_pwquality_cli.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-pwquality-cli
+ install -m0755 front_pwquality.sh $(DESTDIR)/usr/sbin/linux-infosec-setupper-pwquality-gui
mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper
mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/audit
- #mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality
+ mkdir -p $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality
+ install -m0644 pw_default $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality/pw_default
install -m0644 common.sh $(DESTDIR)/usr/share/linux-infosec-setupper/common.sh
install -m0644 back_auditd.sh $(DESTDIR)/usr/share/linux-infosec-setupper/audit/back_auditd.sh
+ install -m0644 back_pwquality.sh $(DESTDIR)/usr/share/linux-infosec-setupper/pwquality/back_pwquality.sh
mkdir -p $(DESTDIR)/var/lib/linux-infosec-setupper
mkdir -p $(DESTDIR)/var/lib/linux-infosec-setupper/audit
#mkdir -p $(DESTDIR)/var/lib/linux-infosec-setupper/pwquality
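Review bot: The pwquality state directory under `/var/lib/linux-infosec-setupper` is still commented out on the last line of this hunk, although the commit now installs both pwquality frontends and the share directory. The spec creates that directory itself and packages it as `%attr(0700,root,root)`, so a plain `make install` leaves it missing, or created later with whatever umask the scripts run under (presumably; the scripts are not shown here). Creating it in the recipe with the same mode would keep the two install paths consistent: `install -d -m0700 $(DESTDIR)/var/lib/linux-infosec-setupper/pwquality`. The `install` recipe continues past this hunk.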
@@ -20,6 +24,10 @@ install:
mkdir -p $(DESTDIR)/usr/share/locale/ru/LC_MESSAGES
msgfmt -o $(DESTDIR)/usr/share/locale/ru/LC_MESSAGES/linux-infosec-setupper.mo po/ru.po
+ mkdir -p $(DESTDIR)/usr/share/polkit-1/actions
+ install -m0644 polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy $(DESTDIR)/usr/share/polkit-1/actions/
+ install -m0755 polkit/linux-infosec-setupper-pwquality-gui.sh $(DESTDIR)/usr/bin/linux-infosec-setupper-pwquality-gui
+
rpm:
# https://stackoverflow.com/a/1909390
$(eval TMP := $(shell mktemp --suffix=.tar.gz))
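Review bot: The unprivileged wrapper added here goes to `/usr/bin/linux-infosec-setupper-pwquality-gui`, the same basename the previous hunk gives the privileged frontend in `/usr/sbin`. On a system where `/usr/sbin` is a symlink to `/usr/bin`, the second `install` would replace the real program with the wrapper, and the policy's exec path would then point at a script that calls `pkexec` on itself. Giving the privileged program a distinct name (or a libexec location) and updating the policy, the wrapper and the spec's `%files pwquality-gui` together would avoid this. At minimum the constraint should be recorded in the recipe, e.g. `# wrapper and sbin program share a basename: requires /usr/bin and /usr/sbin to be separate directories`.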
diff --git a/linux-infosec-setupper.spec b/linux-infosec-setupper.spec
index 4b11bdb..57df01d 100644
--- a/linux-infosec-setupper.spec
+++ b/linux-infosec-setupper.spec
@@ -1,7 +1,7 @@
Name: linux-infosec-setupper
Summary: CLI and GUI utilities to setup information security-related parts of Linux
License: GPLv3
-Group: System/Base
+Group: System/Configuration/Other
Version: 0.1
Release: 1
Source0: %{name}-%{version}.tar.gz
@@ -17,7 +17,7 @@ BuildRequires: gettext
%package common
Summary: Common parts for subpackages of %{name}
-Group: System/Base
+Group: System/Configuration/Other
Requires: awk
Requires: bash
Requires: coreutils
@@ -37,7 +37,7 @@ Common parts for subpackages of %{name}
%package auditd-cli
Summary: CLI and backend to setup auditd configs
-Group: System/Base
+Group: System/Configuration/Other
Requires: %{name}-common = %{version}-%{release}
Requires: audit
@@ -53,6 +53,48 @@ CLI and backend to setup auditd configs
#-----------------------------------------------------------------------------------
+%package pwquality-cli
+Summary: CLI and backend to setup pwquality configs
+Group: System/Configuration/Other
+Requires: %{name}-common = %{version}-%{release}
+%if 0%{mdvver}
+Requires: pam_pwquality
+Requires: libpwquality-common
+%else
+# redhat
+Requires: libpwquality
+%endif
+
+%description pwquality-cli
+CLI and backend to setup pwquality configs
+
+%files pwquality-cli
+%{_sbindir}/linux-infosec-setupper-pwquality-cli
+%dir %{_datadir}/linux-infosec-setupper/pwquality
+%{_datadir}/linux-infosec-setupper/pwquality/back_pwquality.sh
+%{_datadir}/linux-infosec-setupper/pwquality/pw_default
+%dir %attr(0700,root,root) /var/lib/linux-infosec-setupper/pwquality
+%ghost /var/lib/linux-infosec-setupper/pwquality/pw_changed
+
+#-----------------------------------------------------------------------------------
+
+%package pwquality-gui
+Summary: GUI to setup pwquality configs
+Group: System/Configuration/Other
+Requires: %{name}-pwquality-cli = %{version}-%{release}
+Requires: yad
+Recommends: polkit
+
+%description pwquality-gui
+GUI to setup pwquality configs
+
+%files pwquality-gui
+%{_sbindir}/linux-infosec-setupper-pwquality-gui
+%{_bindir}/linux-infosec-setupper-pwquality-gui
+%{_datadir}/polkit-1/actions/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy
+
+#-----------------------------------------------------------------------------------
+
%prep
%autosetup -p1 -c
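Review bot: The distribution switch in `%package pwquality-cli` is written `%if 0%{mdvver}`, which only evaluates cleanly where `mdvver` is defined. On the build the `# redhat` branch is meant for, the macro is left unexpanded and the condition is not a valid expression. The usual form is `%if 0%{?mdvver}`. Separately, `pwquality-gui` ships a `/usr/bin` launcher whose only job is to call `pkexec`, yet polkit is only `Recommends: polkit`. Without it the launcher cannot start and `%{_datadir}/polkit-1/actions` has no owning package, so `Requires: polkit` looks like the intended dependency.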
@@ -64,7 +106,9 @@ CLI and backend to setup auditd configs
# ghost files
mkdir -p %{buildroot}/var/lib/linux-infosec-setupper/audit/
+mkdir -p %{buildroot}/var/lib/linux-infosec-setupper/pwquality/
touch %{buildroot}/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
+touch %{buildroot}/var/lib/linux-infosec-setupper/pwquality/pw_changed
%check
bash -x ./test_back_auditd.sh
diff --git a/po/ru.po b/po/ru.po
index c8ea7b1..ee57991 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -104,88 +104,87 @@ msgstr ""
#: ../back_pwquality.sh:59 ../back_pwquality.sh:64 ../back_pwquality.sh:69
#: ../back_pwquality.sh:78 ../back_pwquality.sh:87 ../back_pwquality.sh:92
msgid "The received parameters are not correct. Expected %s, received %s"
-msgstr ""
+msgstr "полученные параметры неправильны. Ожидалось %s, а получено %s"
#: ../back_pwquality.sh:59 ../back_pwquality.sh:64 ../back_pwquality.sh:69
#: ../back_pwquality.sh:78 ../back_pwquality.sh:87 ../back_pwquality.sh:92
msgid "0 or 1"
-msgstr ""
+msgstr "0 или 1"
#: ../common.sh:49
-#, fuzzy
msgid "Argument to %s must be a number"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значением %s должно быть число"
#: ../common.sh:58
#, fuzzy
msgid "Argument to %s must be greater than %s"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значение %s должно быть больше значения %s"
#: ../common.sh:69
msgid "Argument to %s must be a string without spaces"
-msgstr ""
+msgstr "Значение %s должно быть строкой без пробелов"
#: ../common.sh:83
-#, fuzzy
msgid "Value of %s is empty, set yes or no"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значение %s пусто, задайте yes или no"
#: ../common.sh:87
msgid "String %s is not a boolean, set yes or no"
-msgstr ""
+msgstr "Строка %s не является булеановым значением, задайте yes или no"
#: ../common.sh:98
-#, fuzzy
msgid "Value of %s must be a non-negative number"
-msgstr "Значением %s должно быть %s или %s"
+msgstr "Значение %s должно быть целым числом больше нуля"
#: ../common.sh:105
msgid "%s is not a correct email"
-msgstr ""
+msgstr "%s не является валидным адресом электропочты"
#: ../front_auditd_cli.sh:17
msgid "This is generator of auditd config"
-msgstr ""
+msgstr "Это генератор конфига auditd"
#: ../front_auditd_cli.sh:18
msgid "Run as: %s [--parameter value] [--parameter value]"
-msgstr ""
+msgstr "Запускайте его так: %s [--параметр значение] [--параметр значение]"
#: ../front_auditd_cli.sh:19
msgid "Supported parameters of auditd and their default values are:"
-msgstr ""
+msgstr "Поддерживаемые параметров auditd и их значения по умолчанию таковы:"
#: ../front_pwquality_cli.sh:18 ../front_pwquality_cli.sh:19
#: ../front_pwquality_cli.sh:83 ../front_pwquality.sh:19
#: ../front_pwquality.sh:20 ../front_pwquality.sh:87 ../front_pwquality.sh:119
msgid "Unable to write to file %s"
-msgstr ""
+msgstr "Невозможно записать в файл %s"
#: ../front_pwquality_cli.sh:37
msgid "No arguments specified"
-msgstr ""
+msgstr "Не передано никаких аргументов"
#: ../front_pwquality_cli.sh:42
msgid "Usage: #NAME# --[OPTIONS...]"
-msgstr ""
+msgstr "Использование: #NAME# --[OPTIONS...]"
#: ../front_pwquality_cli.sh:43
msgid " example: #NAME# --difok 6"
-msgstr ""
+msgstr " пример: #NAME# --difok 6"
#: ../front_pwquality_cli.sh:44
msgid " example: #NAME# d 6"
-msgstr ""
+msgstr " пример: #NAME# d 6"
#: ../front_pwquality_cli.sh:45
msgid ""
"#NAME# allows you to manage the file configuration for pwquality in the cli "
"option. A GUI version is also available: #NAME2#"
msgstr ""
+"#NAME# позволяет управлять конфигом pwquality через cli. "
+"Также доступна гарфическая версия: #NAME2#"
#: ../front_pwquality_cli.sh:47
msgid " Options:"
-msgstr ""
+msgstr " Параметры:"
#: ../front_pwquality_cli.sh:48
msgid ""
@@ -296,7 +295,7 @@ msgstr ""
#: ../front_pwquality.sh:31
msgid "Unable to set variable %s"
-msgstr ""
+msgstr "Невозможно установить переменную %s"
#: ../front_pwquality.sh:37
msgid "linux-infosec-setupper"
@@ -304,11 +303,11 @@ msgstr ""
#: ../front_pwquality.sh:37
msgid "Password policies setup"
-msgstr ""
+msgstr "Настройка политики сложности паролей"
#: ../front_pwquality.sh:37
msgid "Load defaults!view-refresh:3"
-msgstr ""
+msgstr "Сбросить настройки!view-refresh:3"
#: ../front_pwquality.sh:37
msgid "yad-save:0"
@@ -323,6 +322,7 @@ msgid ""
"Number of characters in the new password that must not be present in the old "
"password::LBL"
msgstr ""
+"Количество символов из нового пароля, которых не должно быть в старом пароле::LBL"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (difok)${_tag2}:NUM"
@@ -330,7 +330,7 @@ msgstr ""
#: ../front_pwquality.sh:37
msgid "Minimum acceptable size for the new password::LBL"
-msgstr ""
+msgstr "Минимальный допустимый размер нового пароля::LBL"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (minlen)${_tag2}:NUM"
@@ -338,7 +338,7 @@ msgstr ""
#: ../front_pwquality.sh:37
msgid "The maximum credit for having digits in the new password::LBL"
-msgstr ""
+msgstr "Максималньый кредит на цифры в новом пароле::LBL"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (dcredit)${_tag2}:NUM"
@@ -347,7 +347,7 @@ msgstr ""
#: ../front_pwquality.sh:37
msgid ""
"The maximum credit for having uppercase characters in the new password::LBL"
-msgstr ""
+msgstr "Максимальный кредит на заглавные буквы в новом пароле::LBL"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (ucredit)${_tag2}:NUM"
@@ -356,7 +356,7 @@ msgstr ""
#: ../front_pwquality.sh:37
msgid ""
"The maximum credit for having lowercase characters in the new password::LBL"
-msgstr ""
+msgstr "Максимальный кредит на строчные буквы в новом пароле::LBL"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (lcredit)${_tag2}:NUM"
@@ -364,7 +364,7 @@ msgstr ""
#: ../front_pwquality.sh:37
msgid "The maximum credit for having other characters in the new password::LBL"
-msgstr ""
+msgstr "Максимальный кредит на осталньые символы в новом пароле"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (ocredit)${_tag2}:NUM"
@@ -374,7 +374,7 @@ msgstr ""
msgid ""
"The minimum number of required classes of characters for the new password::"
"LBL"
-msgstr ""
+msgstr "Минимальное необходимое кол-во типов символов в новом пароле::LBL"
#: ../front_pwquality.sh:37
msgid "${_tag1}Value (minclass)${_tag2}:NUM"
diff --git a/polkit/linux-infosec-setupper-pwquality-gui.sh b/polkit/linux-infosec-setupper-pwquality-gui.sh
new file mode 100644
index 0000000..4007798
--- /dev/null
+++ b/polkit/linux-infosec-setupper-pwquality-gui.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+pkexec /usr/sbin/linux-infosec-setupper-pwquality-gui $@
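Review bot: The wrapper passes its arguments to `pkexec` as an unquoted `$@`, so any argument containing whitespace or glob characters is re-split and expanded by the shell before it reaches the program that runs as root. The arguments should be forwarded verbatim, and the extra shell process can be dropped at the same time: `exec pkexec /usr/sbin/linux-infosec-setupper-pwquality-gui "$@"`.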
diff --git a/polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy b/polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy
new file mode 100644
index 0000000..bedb988
--- /dev/null
+++ b/polkit/org.nixtux.pkexec.linux-infosec-setupper-pwquality-gui.policy
@@ -0,0 +1,23 @@
+
+
+
+
+ NixTux
+ https://nixtux.ru
+ gcr-key
+
+
+ GUI to setup pwquality configs
+ Графический инструмент для настройки политики сложности паролей
+ Enter password to run it
+ Введите пароль для запуска
+
+ auth_admin
+ auth_admin
+ auth_admin
+
+ /usr/sbin/linux-infosec-setupper-pwquality-gui
+ true
+
+
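Review bot: This policy authorizes the whole GUI frontend to run as root, and the `true` value next to the exec path looks like the `allow_gui` annotation, which hands the user's display credentials to that root process. The XML markup is not visible in this view, so the element names are inferred. That puts the yad/GTK form handling inside the privileged boundary. A narrower design keeps the GUI unprivileged and uses `pkexec` only for `/usr/sbin/linux-infosec-setupper-pwquality-cli`, passing it the validated values. If the current design is kept, add a comment in the policy file explaining why `allow_gui` is required, and keep `auth_admin` (not a `_keep` variant) for all three defaults, as the values here appear to do.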
diff --git a/test_back_auditd.sh b/test_back_auditd.sh
index e180597..c8b4332 100755
--- a/test_back_auditd.sh
+++ b/test_back_auditd.sh
@@ -29,9 +29,9 @@ _main(){
[ "$(md5sum "${DESTDIR}"/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf | awk '{print $1}')" = 27f8c93280d21e8b0d4b399ac234b663 ] ;} || \
{ echo failed test 2; failed="$((++failed))"; }
_mk_auditd_config --log_group root || { echo failed test 3; failed="$((++failed))"; }
- [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 86564ff0e5e2137f49415186487f0152 ] || { echo failed test 4; failed="$((++failed))"; }
+ [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 83a7bb6d8d24378e398d597430e27f0e ] || { echo failed test 4; failed="$((++failed))"; }
_mk_auditd_config || { echo failed test 5; failed="$((++failed))"; }
- [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 86564ff0e5e2137f49415186487f0152 ] || { echo failed test 6; failed="$((++failed))"; }
+ [ "$(md5sum "${VAR_DIR_AUDIT}/auditd-conf.sh" | awk '{print $1}')" = 83a7bb6d8d24378e398d597430e27f0e ] || { echo failed test 6; failed="$((++failed))"; }
! _mk_auditd_config --local_events xuy || { echo failed test 7; failed="$((++failed))"; }
_mk_auditd_config --systemd-firewalling-params "--IPAddressDeny any --IPAddressAllow 192.168.10.1/24 --IPAddressAllow 192.168.20.1" || { echo failed test 8; failed="$((++failed))"; }
[ "$(md5sum "${DESTDIR}"/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf | awk '{print $1}')" = 27f8c93280d21e8b0d4b399ac234b663 ] || { echo failed test 9; failed="$((++failed))"; }
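Review bot: Tests 4 and 6 still pin the generated `auditd-conf.sh` to a bare MD5 value, so this update to `83a7bb6d8d24378e398d597430e27f0e` cannot be reviewed: nothing in the hunk shows which bytes of the generated file changed or why. Comparing against a checked-in expected file would make such changes visible in the diff, e.g. `diff -u <expected-auditd-conf> "${VAR_DIR_AUDIT}/auditd-conf.sh" || { echo failed test 4; failed="$((++failed))"; }`, where `<expected-auditd-conf>` is a placeholder for a fixture path. Failing that, a comment above each check should state what the hash covers. `_main` begins and ends outside this hunk.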