18 changed files with 25 additions and 85 deletions
--- a/DESTDIR/etc/audit/auditd.conf
+++ b/DESTDIR/etc/audit/auditd.conf
@ -2,9 +2,9 @@
 local_events = yes
 log_file = .
 write_logs = yes
-log_format = ENRICHED
+log_format = RAW
 log_group = root
-priority_boost = 4
+priority_boost = 6
 flush = incremental_async
 freq = 0
 max_log_fileaction = rotate
--- a/DESTDIR/etc/security/pwquality.conf
+++ b/DESTDIR/etc/security/pwquality.conf
@ -4,7 +4,7 @@ dcredit = 0
 ucredit = 0
 lcredit = 0
 ocredit = 0
-minclass = 1
+minclass = 0
 maxrepeat = 0
 maxsequence = 0
 maxclassrepeat = 0
--- a/DESTDIR/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
+++ b/DESTDIR/var/lib/linux-infosec-setupper/audit/auditd-conf.sh
@ -1,12 +1,12 @@
 # Generated by linux-infosec-setupper
 local_events="yes"
-log_file="/var/log/audit/audit.log"
+log_file="."
 write_logs="yes"
-log_format="ENRICHED"
+log_format="RAW"
 log_group="root"
-priority_boost="4"
+priority_boost="6"
 flush="incremental_async"
-freq=""
+freq="0"
 max_log_fileaction="rotate"
 num_logs="3"
 disp_qos="lossless"
@ -16,11 +16,11 @@ name_format="hostname"
 name=""
 max_log_file="8"
 action_mail_acct=""
-space_left="10%"
+space_left="10"
 space_left_action="syslog"
 disk_full_action="halt"
 disk_error_action="halt"
-tcp_listen_port=""
-tcp_max_per_addr=""
+tcp_listen_port="1"
+tcp_max_per_addr="1"
 systemd_allowed_ip_list=""
 systemd_denied_ip_list=""
--- a/4
+++ b/4
@ -30,10 +30,6 @@ install:
 	install -m0644 polkit/org.nixtux.pkexec.linux-infosec-setupper-auditd-gui.policy $(DESTDIR)/usr/share/polkit-1/actions/
 	install -m0755 polkit/linux-infosec-setupper-pwquality-gui.sh $(DESTDIR)/usr/bin/linux-infosec-setupper-pwquality-gui
 	install -m0755 polkit/linux-infosec-setupper-auditd-gui.sh $(DESTDIR)/usr/bin/linux-infosec-setupper-auditd-gui
-	
-	mkdir -p $(DESTDIR)/usr/share/applications
-	install -m0644 desktop/pwquality.desktop $(DESTDIR)/usr/share/applications/linux-infosec-setupper-pwquality-gui.desktop
-	install -m0644 desktop/auditd.desktop $(DESTDIR)/usr/share/applications/linux-infosec-setupper-auditd-gui.desktop

 rpm:
 	# https://stackoverflow.com/a/1909390
--- a/README.md
+++ b/README.md
@ -1,19 +1,3 @@
 # linux-infosec-setupper

-Утилиты для настройки функций безопасности ОС Linux
-
-## Функционал и скриншоты
-
-* Гибкая настройка авторизации через polkit
-
-![polkit-1](screenshots/polkit-1.png)
-
-* Графический и CLI интерфейсы для настройки политики сложности паролей (lipwquality)
-
-![pwquality-1](screenshots/pwquality-1.png)
-
-* Графический и CLI интерфейсы для настройки аудита событий информационнйо безопасности и сервера auditd
-
-![auditd-1](screenshots/auditd-1.png)
-
-![auditd-2](screenshots/auditd-2.png)
+Утилиты для настройки функций безопасности ОС Linux
--- a/common.sh
+++ b/common.sh
@ -110,7 +110,6 @@ _validate_email(){

 _pw_parse_conf() {
 	while read -r line; do
-		if [[ "$line" =~ ^# ]] || [ -z "$line" ]; then continue; fi
 		case "$line" in
 			*=*) echo "${line// /}" ;;
 			*)   echo "${line}=1"   ;;
@ -118,6 +117,6 @@ _pw_parse_conf() {
 	done < "${DESTDIR}/etc/security/pwquality.conf"
 }
 _yad_error() {
-	yad --form --image=dialog-error --text="Error" --title="Error" --field="$(printf -- "$@")::TXT" --button="yad-close:1" --width=100 --height=100
+	yad --form --image=dialog-error --text="Error" --title="Error" --field="$@:LBL" --button="yad-close:1" --width=100 --height=100 --scroll
 	return 1
 }
--- a/desktop/auditd.desktop
+++ b/desktop/auditd.desktop
@ -1,10 +0,0 @@
-[Desktop Entry]
-Encoding=UTF-8
-Name=Auditd Setup
-Name[ru]=Настройка Auditd
-Categories=GTK;Settings;
-Exec=/usr/bin/linux-infosec-setupper-auditd-gui
-Icon=security-medium
-Terminal=false
-Type=Application
-StartupNotify=true
--- a/desktop/pwquality.desktop
+++ b/desktop/pwquality.desktop
@ -1,10 +0,0 @@
-[Desktop Entry]
-Encoding=UTF-8
-Name=pwquality setup
-Name[ru]=Настройка pwquality
-Categories=GTK;Settings;
-Exec=/usr/bin/linux-infosec-setupper-pwquality-gui
-Icon=gcr-key
-Terminal=false
-Type=Application
-StartupNotify=true
--- a/front_auditd.sh
+++ b/front_auditd.sh
@ -12,7 +12,7 @@ else
 	source "${SHARE_DIR_AUDIT}/back_auditd.sh"
 fi

-if [ ! -f "${VAR_DIR_AUDIT}/auditd-conf.sh" ]; then
+if ! [ -f "${VAR_DIR_AUDIT}/auditd-conf.sh}" ]; then
 	_mk_auditd_config || { _yad_error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; }
 fi

@ -39,8 +39,6 @@ _rm_temp() {
 }
 trap _rm_temp EXIT

-set +e
-
 yad --plug=$_NUMBER --tabnum=1 --form \
 	--text-align=center \
 	--bool-fmt=T \
@ -97,9 +95,9 @@ yad --plug=$_NUMBER --tabnum=2 --form \
 	--image=security-medium \
 	--scroll \
 	--field=$"Tcp listen port::LBL" "!" \
-	  --field=$"${_tag1}(Value) Tcp listen port${_tag2}::NUM" "${tcp_listen_port:-0}!0..65535!1" \
+	  --field=$"${_tag1}(Value) Tcp listen port${_tag2}::NUM" "${tcp_listen_port:-1}!1..65535!1" \
 	--field=$"Tcp max per addr::LBL" "!" \
-	  --field=$"${_tag1}(Value) Tcp max per addr${_tag2}::NUM" "${tcp_max_per_addr_port:-0}!0..65535!1" \
+	  --field=$"${_tag1}(Value) Tcp max per addr${_tag2}::NUM" "${tcp_max_per_addr_port:-1}!1..65535!1" \
 	--field=$"Systemd firewalling params:LBL" "!" \
 	  --field=$"${_tag1}(Value) Allowed IPs${_tag2}::TXT" "$(if [ -z "$systemd_allowed_ips" ]; then echo "-"; else echo -e "${systemd_allowed_ip_list// /\\n}"; fi)" \
 	  --field=$"${_tag1}(Value) Denied IPs${_tag2}::TXT" "$(if [ -z "$systemd_allowed_ips" ]; then echo "-"; else echo -e "${systemd_denied_ip_list// /\\n}"; fi)" &>"$_temp_file2" &
@ -115,9 +113,8 @@ yad --key=$_NUMBER --notebook --stack --expand --tab=$"Audit" --tab=$"Network" \
 # The exit code after clicking on this button is 3. We restore the config if we clicked on this button
 if [ "$_status" == 3 ]; then
 	_mk_auditd_config || { _yad_error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; }
-fi	

-set -e
+fi	

 var="$(<"$_temp_file1")$(<"$_temp_file2")"

@ -165,12 +162,6 @@ fi
 if ! [[ "$(echo "$var2" | grep -o -- "--freq .*")" && "$(echo "$var2" | grep -o -- "--flush incremental_async")" ]]; then
 	var2="$(echo "$var2" | sed '/^--freq .*/d')"
 fi
-if [[ "$(echo "$var2" | grep -o -- "--tcp_listen_port 0")" ]]; then
-	var2="$(echo "$var2" | sed '/^--tcp_listen_port 0/d')"
-fi
-if [[ "$(echo "$var2" | grep -o -- "--tcp_max_per_addr 0")" ]]; then
-	var2="$(echo "$var2" | sed '/^--tcp_max_per_addr 0/d')"
-fi
 ####
 var2="$(echo "$var2" | tr '\n' ' ')"
 set -e
--- a/front_pwquality.sh
+++ b/front_pwquality.sh
@ -20,11 +20,7 @@ PWQUALITY_FRONT=1
 if ! [[ -f "${VAR_DIR_PWQUALITY}/pw_changed" ]]; then
 	cat "$PW_DEFAULT" > "${DESTDIR}/etc/security/pwquality.conf" || { error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; }
 	install -D -m 444 /dev/null "${VAR_DIR_PWQUALITY}/pw_changed" || { error $"Unable to write to file %s" "${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }
-fi
-if [[ "$(grep "^#" "${DESTDIR}/etc/security/pwquality.conf")" ]]; then
-	cat "$PW_DEFAULT" > "${DESTDIR}/etc/security/pwquality.conf" || { error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; }
-	install -D -m 444 /dev/null "${VAR_DIR_PWQUALITY}/pw_changed" || { error $"Unable to write to file %s" "${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }
-fi
+fi	

 # In case the config was changed manually, or there were errors in it,
 # we check whether everything can be parsed correctly, and if not, it outputs an error
@ -40,8 +36,6 @@ done
 _tag1="<span weight='bold'>"
 _tag2="</span>"

-set +e
-
 var="$(yad --title="linux-infosec-setupper: pwquality" --form \
 	--text-align=center \
 	--bool-fmt=T \
@ -58,11 +52,11 @@ var="$(yad --title="linux-infosec-setupper: pwquality" --form \
 	--field=$"The maximum credit for having digits in the new password::LBL" "!" \
 	  --field=$"${_tag1}Value (dcredit)${_tag2}:NUM" "$dcredit!-9999..+9999!1" \
 	--field=$"The maximum credit for having uppercase characters in the new password::LBL" "!" \
-	  --field=$"${_tag1}Value (ucredit)${_tag2}:NUM" "$ucredit!-9999..+9999!1" \
+	  --field=$"${_tag1}Value (ucredit)${_tag2}:NUM" "$ucredir!-9999..+9999!1" \
 	--field=$"The maximum credit for having lowercase characters in the new password::LBL" "!" \
-	  --field=$"${_tag1}Value (lcredit)${_tag2}:NUM" "$lcredit!-9999..+9999!1" \
+	  --field=$"${_tag1}Value (lcredit)${_tag2}:NUM" "$lcredir!-9999..+9999!1" \
 	--field=$"The maximum credit for having other characters in the new password::LBL" "!" \
-	  --field=$"${_tag1}Value (ocredit)${_tag2}:NUM" "$ocredit!-9999..+9999!1" \
+	  --field=$"${_tag1}Value (ocredit)${_tag2}:NUM" "$ocredir!-9999..+9999!1" \
 	--field=$"The minimum number of required classes of characters for the new password::LBL" "!" \
 	  --field=$"${_tag1}Value (minclass)${_tag2}:NUM" "$minclass!0..9999!1" \
 	--field=$"The maximum number of allowed same consecutive charatcers in the new password::LBL" "!" \
@ -89,8 +83,6 @@ var="$(yad --title="linux-infosec-setupper: pwquality" --form \
 	  --field=$"Status (local_users_only):CHK" "$local_users_only")"
 	_status="$?"

-set -e
-
 # If we clicked on the "Load default" button, we decided to restore the settings.
 # The exit code after clicking on this button is 3. We restore the config if we clicked on this button
 if [ "$_status" == 3 ]; then
--- a/linux-infosec-setupper.spec
+++ b/linux-infosec-setupper.spec
@ -2,7 +2,7 @@ Name: linux-infosec-setupper
 Summary: CLI and GUI utilities to setup information security-related parts of Linux
 License: GPLv3
 Group: System/Configuration/Other
-Version: 0.5
+Version: 0.2
 Release: 1
 Source0: %{name}-%{version}.tar.gz
 BuildArch: noarch
@ -18,7 +18,7 @@ BuildRequires: gettext
 %package common
 Summary: Common parts for subpackages of %{name}
 Group: System/Configuration/Other
-Requires: gawk
+Requires: awk
 Requires: bash
 Requires: coreutils
 Requires: grep
@ -67,7 +67,6 @@ GUI to setup auditd configs
 %{_sbindir}/linux-infosec-setupper-auditd-gui
 %{_bindir}/linux-infosec-setupper-auditd-gui
 %{_datadir}/polkit-1/actions/org.nixtux.pkexec.linux-infosec-setupper-auditd-gui.policy
-%{_datadir}/applications/linux-infosec-setupper-auditd-gui.desktop

 #-----------------------------------------------------------------------------------

@ -91,7 +90,6 @@ CLI and backend to setup pwquality configs
 %dir %{_datadir}/linux-infosec-setupper/pwquality
 %{_datadir}/linux-infosec-setupper/pwquality/back_pwquality.sh
 %{_datadir}/linux-infosec-setupper/pwquality/pw_default
-%{_datadir}/applications/linux-infosec-setupper-pwquality-gui.desktop
 %dir %attr(0700,root,root) /var/lib/linux-infosec-setupper/pwquality
 %ghost /var/lib/linux-infosec-setupper/pwquality/pw_changed

--- a/po/ru.po
+++ b/po/ru.po
@ -374,7 +374,7 @@ msgstr ""

 #: ../front_pwquality.sh:37 ../front_pwquality.sh:39
 msgid "The maximum credit for having other characters in the new password::LBL"
-msgstr "Максимальный кредит на остальные символы в новом пароле::LBL"
+msgstr "Максимальный кредит на осталньые символы в новом пароле"

 #: ../front_pwquality.sh:37 ../front_pwquality.sh:39
 msgid "${_tag1}Value (ocredit)${_tag2}:NUM"
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 minlen = 8
 dcredit = 0
-ucredit = 0
+ucredir = 0
 lcredit = 0
 ocredit = 0
 minclass = 0
--- a/screenshots/auditd-1.png
+++ b/screenshots/auditd-1.png
--- a/screenshots/auditd-2.png
+++ b/screenshots/auditd-2.png
--- a/screenshots/polkit-1.png
+++ b/screenshots/polkit-1.png
--- a/screenshots/pwquality-1.png
+++ b/screenshots/pwquality-1.png
--- a/stock/pw_default
+++ b/stock/pw_default
@ -1,6 +1,6 @@
 minlen = 8
 dcredit = 0
-ucredit = 0
+ucredir = 0
 lcredit = 0
 ocredit = 0
 minclass = 0