|
|
@ -4,6 +4,7 @@ set -e
|
|
|
|
source common.sh
|
|
|
|
source common.sh
|
|
|
|
|
|
|
|
|
|
|
|
_mk_pwquality_conf() {
|
|
|
|
_mk_pwquality_conf() {
|
|
|
|
|
|
|
|
local failed=0
|
|
|
|
local difok=1 \
|
|
|
|
local difok=1 \
|
|
|
|
minlen=8 \
|
|
|
|
minlen=8 \
|
|
|
|
dcredit=0 \
|
|
|
|
dcredit=0 \
|
|
|
@ -27,105 +28,105 @@ _mk_pwquality_conf() {
|
|
|
|
while [ -n "$1" ]; do
|
|
|
|
while [ -n "$1" ]; do
|
|
|
|
case "$1" in
|
|
|
|
case "$1" in
|
|
|
|
--difok) shift;
|
|
|
|
--difok) shift;
|
|
|
|
_check_argument_is_number "$1" "--difok"
|
|
|
|
_check_argument_is_number "$1" "--difok" || failed=1
|
|
|
|
difok="$1"
|
|
|
|
difok="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--minlen) shift;
|
|
|
|
--minlen) shift;
|
|
|
|
_check_argument_value "$1" "6" "--minlen"
|
|
|
|
_check_argument_value "$1" "6" "--minlen" || failed=1
|
|
|
|
minlen="$1"
|
|
|
|
minlen="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--dcredit) shift;
|
|
|
|
--dcredit) shift;
|
|
|
|
_check_argument_is_number "$1" "--dcredit" "-"
|
|
|
|
_check_argument_is_number "$1" "--dcredit" "-" || failed=1
|
|
|
|
dcredit="$1"
|
|
|
|
dcredit="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--ucredit) shift;
|
|
|
|
--ucredit) shift;
|
|
|
|
_check_argument_is_number "$1" "--ucredit" "-"
|
|
|
|
_check_argument_is_number "$1" "--ucredit" "-" || failed=1
|
|
|
|
ucredit="$1"
|
|
|
|
ucredit="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--lcredit) shift;
|
|
|
|
--lcredit) shift;
|
|
|
|
_check_argument_is_number "$1" "--lcredit" "-"
|
|
|
|
_check_argument_is_number "$1" "--lcredit" "-" || failed=1
|
|
|
|
lcredit="$1"
|
|
|
|
lcredit="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--ocredit) shift;
|
|
|
|
--ocredit) shift;
|
|
|
|
_check_argument_is_number "$1" "--ocredit" "-"
|
|
|
|
_check_argument_is_number "$1" "--ocredit" "-" || failed=1
|
|
|
|
ocredit="$1"
|
|
|
|
ocredit="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--minclass) shift;
|
|
|
|
--minclass) shift;
|
|
|
|
_check_argument_is_number "$1" "--minclass"
|
|
|
|
_check_argument_is_number "$1" "--minclass" || failed=1
|
|
|
|
minclass="$1"
|
|
|
|
minclass="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--maxrepeat) shift;
|
|
|
|
--maxrepeat) shift;
|
|
|
|
_check_argument_is_number "$1" "--maxrepeat"
|
|
|
|
_check_argument_is_number "$1" "--maxrepeat" || failed=1
|
|
|
|
maxrepeat="$1"
|
|
|
|
maxrepeat="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--maxsequence) shift;
|
|
|
|
--maxsequence) shift;
|
|
|
|
_check_argument_is_number "$1" "--maxsequence"
|
|
|
|
_check_argument_is_number "$1" "--maxsequence" || failed=1
|
|
|
|
maxsequence="$1"
|
|
|
|
maxsequence="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--maxclassrepeat) shift;
|
|
|
|
--maxclassrepeat) shift;
|
|
|
|
_check_argument_is_number "$1" "--maxclassrepeat"
|
|
|
|
_check_argument_is_number "$1" "--maxclassrepeat" || failed=1
|
|
|
|
maxclassrepeat="$1"
|
|
|
|
maxclassrepeat="$1"
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--gecoscheck) shift;
|
|
|
|
--gecoscheck) shift;
|
|
|
|
_check_argument_is_number "$1" "--gecoscheck"
|
|
|
|
_check_argument_is_number "$1" "--gecoscheck" || failed=1
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
geoscheck="$1"
|
|
|
|
geoscheck="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--dictcheck) shift;
|
|
|
|
--dictcheck) shift;
|
|
|
|
_check_argument_is_number "$1" "--dictcheck"
|
|
|
|
_check_argument_is_number "$1" "--dictcheck" || failed=1
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
dickcheck="$1"
|
|
|
|
dickcheck="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--usercheck) shift;
|
|
|
|
--usercheck) shift;
|
|
|
|
echo 1
|
|
|
|
_check_argument_is_number "$1" "--usercheck" || failed=1
|
|
|
|
_check_argument_is_number "$1" "--usercheck"
|
|
|
|
|
|
|
|
echo 2
|
|
|
|
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
echo 3
|
|
|
|
|
|
|
|
usercheck="$1"
|
|
|
|
usercheck="$1"
|
|
|
|
echo 4
|
|
|
|
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--usersubstr) shift;
|
|
|
|
--usersubstr) shift;
|
|
|
|
_check_argument_is_number "$1" "--usersubstr"
|
|
|
|
_check_argument_is_number "$1" "--usersubstr" || failed=1
|
|
|
|
usersubstr="$1"
|
|
|
|
usersubstr="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--enforcing) shift;
|
|
|
|
--enforcing) shift;
|
|
|
|
_check_argument_is_number "$1" "--enforcing"
|
|
|
|
_check_argument_is_number "$1" "--enforcing" || failed=1
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
enforcing="$1"
|
|
|
|
enforcing="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--retry) shift;
|
|
|
|
--retry) shift;
|
|
|
|
_check_argument_is_number "$1" "--retry"
|
|
|
|
_check_argument_is_number "$1" "--retry" || failed=1
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--enforce_for_root) shift;
|
|
|
|
--enforce_for_root) shift;
|
|
|
|
_check_argument_is_number "$1" "--enforce_for_root"
|
|
|
|
_check_argument_is_number "$1" "--enforce_for_root" || failed=1
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
enforce_for_root="$1"
|
|
|
|
enforce_for_root="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
--local_users_only) shift;
|
|
|
|
--local_users_only) shift;
|
|
|
|
_check_argument_is_number "$1" "--local_users_only"
|
|
|
|
_check_argument_is_number "$1" "--local_users_only" || failed=1
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
[[ "$1" =~ (0|1) ]] || error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"
|
|
|
|
local_users_only="$1"
|
|
|
|
local_users_only="$1"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
done
|
|
|
|
|
|
|
|
if [ "$failed" != 0 ]; then
|
|
|
|
|
|
|
|
error $"Errors occured when trying to understand how to configure auditd"
|
|
|
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
fi
|
|
|
|
cat <<EOF
|
|
|
|
cat <<EOF
|
|
|
|
difok = $difok
|
|
|
|
difok = $difok
|
|
|
|
minlen = $minlen
|
|
|
|
minlen = $minlen
|
|
|
@ -144,6 +145,6 @@ usersubstr = $usersubstr
|
|
|
|
enforcing = $enforcing
|
|
|
|
enforcing = $enforcing
|
|
|
|
retry = $retry
|
|
|
|
retry = $retry
|
|
|
|
EOF
|
|
|
|
EOF
|
|
|
|
[ "$enforce_for_root" == 1 ] && echo "enforce_for_root"
|
|
|
|
if [ "$enforce_for_root" = 1 ]; then echo "enforce_for_root"; fi
|
|
|
|
[ "$local_users_only" == 1 ] && echo "local_users_only"
|
|
|
|
if [ "$local_users_only" = 1 ]; then echo "local_users_only"; fi
|
|
|
|
}
|
|
|
|
}
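Review bot: The 0/1 flag checks (`--gecoscheck`, `--dictcheck`, `--usercheck`, `--enforcing`, `--enforce_for_root`, `--local_users_only`) were not moved onto the new `failed` accumulator, and their pattern `(0|1)` is unanchored, so a value such as `10` or `21` passes both checks and is written into the generated pwquality settings. Anchor the pattern and record the failure, e.g. `[[ "$1" =~ ^[01]$ ]] || { error $"The received parameters are not correct. Expected %s, received %s" $"0 or 1" "$1"; failed=1; }`. In the same loop the values for `--gecoscheck` and `--dictcheck` are stored in `geoscheck` and `dickcheck`, and `--retry` is validated but never assigned although the heredoc prints `retry = $retry`, so those policy options appear to be dropped silently; the heredoc lines for the first two fall outside the visible hunks, so confirm the names there. The new failure message says "configure auditd" inside `_mk_pwquality_conf`, which looks copied from another function and will mislead whoever reads the log.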
|
|
|
|