#!/bin/bash set -e # detect running from git tree if [ -f ./common.sh ] && [ -f "$0" ] then source common.sh source back_auditd.sh else source /usr/share/linux-infosec-setupper/common.sh source "${SHARE_DIR_AUDIT}/back_auditd.sh" fi if [ ! -f "${VAR_DIR_AUDIT}/auditd-conf.sh" ]; then _mk_auditd_config || { _yad_error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } fi source "${VAR_DIR_AUDIT}/auditd-conf.sh" || exit 1 # For yad checkboxes, the words TRUE or FALSE are required. # We change the following parameters no to FALSE and yes to TRUE for i in local_events write_logs distribute_network; do # The variables have the same name as the lines in the config eval 'if [[ $'$i' == "yes" ]]; then declare $i=TRUE; else declare $i=FALSE; fi' || { _yad_error $"Unable to set variable %s" "$i"; exit 1; } done _tag1="" _tag2="" _NUMBER="$(( ${RANDOM:0:4} * 13 ))" _umask="$(umask)" umask 0077 _temp_file1="$(mktemp front_audit1.XXXXXXXX)" _temp_file2="$(mktemp front_audit2.XXXXXXXX)" umask "$_umask" _rm_temp() { rm -f "$_temp_file1" "$_temp_file2" exit 0 } trap _rm_temp EXIT set +e yad --plug=$_NUMBER --tabnum=1 --form \ --text-align=center \ --bool-fmt=T \ --text=$"Audit daemon settings" \ --image=security-medium \ --scroll \ --field=$"Local events::LBL" "!" \ --field=$"(Status) Local events:CHK" "${local_events:-FALSE}" \ --field=$"Log file::LBL" "!" \ --field=$"${_tag1}(String) Log file${_tag2}:SFL" "${log_file:--}" \ --field=$"Write logs::LBL" "!" \ --field=$"(Status) Write logs:CHK" "${write_logs:-FALSE}" \ --field=$"Log format::LBL" "!" \ --field=$"${_tag1}(Value) Log format${_tag2}:CB" "$(if [ -n "$log_format" ]; then echo "RAW!ENRICHED!" | sed "s/$log_format\!/\^$log_format\!/g;s/\!\$//"; else echo "RAW!ENRICHED"; fi)" \ --field=$"Log group::LBL" "!" \ --field=$"${_tag1}(String) Log group${_tag2}" "${log_group:--}" \ --field=$"Priority boost::LBL" "!" \ --field=$"${_tag1}(Value) Priority boost${_tag2}:NUM" "${priority_boost:-0}!" \ --field=$"Flush::LBL" "!" \ --field=$"(Value) Flush:CB" "$(if [ -n "$flush" ]; then echo "none!incremental!incremental_async!data!sync!" | sed "s/$flush\!/\^$flush\!/g;s/\!\$//"; else echo "none!incremental!incremental_async!data!sync"; fi)" \ --field=$"Freq::LBL" "!" \ --field=$"${_tag1}(Value) Freq${_tag2}:NUM" "${freq:-0}!" \ --field=$"Max log fileaction::LBL" "!" \ --field=$"${_tag1}(Value) Max log fileaction${_tag2}:CB" "$(if [ -n "$max_log_fileaction" ]; then echo "ignore!syslog!suspend!rotate!keep_logs!" | sed "s/$max_log_fileaction\!/\^$max_log_fileaction\!/g;s/\!\$//"; else echo "ignore!syslog!suspend!rotate!keep_logs"; fi)" \ --field=$"Num logs::LBL" "!" \ --field=$"${_tag1}(Value) Num logs${_tag2}:NUM" "${num_logs:-0}!" \ --field=$"Disp Qos::LBL" "!" \ --field=$"${_tag1}(Value) Disp Qos${_tag2}:CB" "$(if [ -n "$disp_qos" ]; then echo "lossy!lossless!" | sed "s/$disp_qos\!/\^$disp_qos\!/g;s/\!\$//"; else echo "lossy!lossless"; fi)" \ --field=$"Dispatcher::LBL" "!" \ --field=$"${_tag1}(String) dispatcher${_tag2}:SFL" "${dispatcher:--}" \ --field=$"Distribute network::LBL" "!" \ --field=$"(Status) Distribute network:CHK" "${distribute_network:-FALSE}" \ --field=$"Name format::LBL" "!" \ --field=$"${_tag1}(Value) Name format${_tag2}:CB" "$(if [ -n "$name_format" ]; then echo "none!hostname!fqd!numeric!user!" | sed "s/$name_format\!/\^$name_format\!/g;s/\!\$//"; else echo "none!hostname!fqd!numeric!user"; fi)" \ --field=$"Name::LBL" "!" \ --field=$"${_tag1}(String) Name${_tag2}" "${name:--}" \ --field=$"Max log file::LBL" "!" \ --field=$"${_tag1}(Value) Max log file${_tag2}:NUM" "${max_log_file:-1}!" \ --field=$"Action Mail Acct::LBL" "!" \ --field=$"${_tag1}(String) Action Mail Acct${_tag2}:" "${action_mail_acct:--}" \ --field=$"Space left::LBL" "!" \ --field=$"${_tag1}(Value) Space left${_tag2}:NUM" "${space_left:-1}!" \ --field=$"Space left action::LBL" "!" \ --field=$"${_tag1}(String) Space left action${_tag2}:CBE" "$(if [ -n "$space_left_action" ]; then echo "ignore!syslog!rotate!email!suspend!single!halt!exec!" | sed "s/$space_left_action\!/\^$space_left_action\!/g;s/\!\$//"; else echo "ignore!syslog!rotate!email!suspend!single!halt!exec"; fi)" \ --field=$"Disk full action::LBL" "!" \ --field=$"${_tag1}(String) Disk full action${_tag2}:CBE" "$(if [ -n "$disk_full_action" ]; then echo "ignore!syslog!rotate!email!suspend!single!halt!exec!" | sed "s/$disk_full_action\!/\^$disk_full_action\!/g;s/\!\$//"; else echo "ignore!syslog!rotate!email!suspend!single!halt!exec"; fi)" \ --field=$"Disk error action::LBL" "!" \ --field=$"${_tag1}(String) Disk error action${_tag2}:CBE" "$(if [ -n "$disk_error_action" ]; then echo "ignore!syslog!rotate!email!suspend!single!halt!exec!" | sed "s/$disk_error_action\!/\^$disk_error_action\!/g;s/\!\$//"; else echo "ignore!syslog!rotate!email!suspend!single!halt!exec"; fi)" &>"$_temp_file1" & yad --plug=$_NUMBER --tabnum=2 --form \ --text-align=center \ --bool-fmt=T \ --text=$"Network server" \ --image=security-medium \ --scroll \ --field=$"Tcp listen port::LBL" "!" \ --field=$"${_tag1}(Value) Tcp listen port${_tag2}::NUM" "${tcp_listen_port:-0}!0..65535!1" \ --field=$"Tcp max per addr::LBL" "!" \ --field=$"${_tag1}(Value) Tcp max per addr${_tag2}::NUM" "${tcp_max_per_addr_port:-0}!0..65535!1" \ --field=$"Systemd firewalling params:LBL" "!" \ --field=$"${_tag1}(Value) Allowed IPs${_tag2}::TXT" "$(if [ -z "$systemd_allowed_ips" ]; then echo "-"; else echo -e "${systemd_allowed_ip_list// /\\n}"; fi)" \ --field=$"${_tag1}(Value) Denied IPs${_tag2}::TXT" "$(if [ -z "$systemd_allowed_ips" ]; then echo "-"; else echo -e "${systemd_denied_ip_list// /\\n}"; fi)" &>"$_temp_file2" & #systemd-firewalling-params yad --key=$_NUMBER --notebook --stack --expand --tab=$"Audit" --tab=$"Network" \ --width=800 \ --height=800 \ --title=$"linux-infosec-setupper" \ --button=$"Load defaults!view-refresh:3" --button=$"yad-save:0" --button=$"yad-close:1" _status="$?" # If we clicked on the "Load default" button, we decided to restore the settings. # The exit code after clicking on this button is 3. We restore the config if we clicked on this button if [ "$_status" == 3 ]; then _mk_auditd_config || { _yad_error $"Unable to read file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } fi set -e var="$(<"$_temp_file1")$(<"$_temp_file2")" # If we decide to undo the changes and not change anything, the var variable will be empty. [ -z "$var" ] && exit 0 # The default delimiter in yad is | var2="$(while read -rd '|' line; do echo $line done <<<"$var" | sed '/^$/d' | \ sed 's/TRUE/yes/ ;s/FALSE/no/ ;1s/^/--local-events / ;2s/^/--log_file / ;3s/^/--write_logs / ;4s/^/--log_format / ;5s/^/--log_group / ;6s/^/--priority_boost / ;7s/^/--flush / ;8s/^/--freq / ;9s/^/--max_log_fileaction / ;10s/^/--num_logs / ;11s/^/--disp_qos / ;12s/^/--dispatcher / ;13s/^/--distribute_network / ;14s/^/--name_format / ;15s/^/--name / ;16s/^/--max_log_file / ;17s/^/--action_mail_acct / ;18s/^/--space_left / ;19s/^/--space_left_action / ;20s/^/--disk_full_action / ;21s/^/--disk_error_action / ;22s/^/--tcp_listen_port / ;23s/^/--tcp_max_per_addr / ;24s/^/--systemd_allowed_ip_list / ;25s/^/--systemd_denied_ip_list /' | sed '/.* \-$/d')" #### if ! [[ "$(echo "$var2" | grep -o -- "--distribute_network .*")" && "$(echo "$var2" | grep -o -- "--dispatcher .*")" ]]; then var2="$(echo "$var2" | sed '/^--distribute_network .*/d')" fi if ! [[ "$(echo "$var2" | grep -o -- "--numlogs .*")" && "$(echo "$var2" | grep -o -- "--max_log_file_action rotate")" ]]; then var2="$(echo "$var2" | sed '/^--numlogs .*/d')" fi if ! [[ "$(echo "$var2" | grep -o -- "--freq .*")" && "$(echo "$var2" | grep -o -- "--flush incremental_async")" ]]; then var2="$(echo "$var2" | sed '/^--freq .*/d')" fi if [[ "$(echo "$var2" | grep -o -- "--tcp_listen_port 0")" ]]; then var2="$(echo "$var2" | sed '/^--tcp_listen_port 0/d')" fi if [[ "$(echo "$var2" | grep -o -- "--tcp_max_per_addr 0")" ]]; then var2="$(echo "$var2" | sed '/^--tcp_max_per_addr 0/d')" fi #### var2="$(echo "$var2" | tr '\n' ' ')" set -e _mk_auditd_config $var2 || { error $"Unable to write to file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; } _write_auditd_config || { error $"Unable to write to file %s" "${VAR_DIR_AUDIT}/auditd-conf.sh"; exit 1; }