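# Shared paths and argument-validation helpers for linux-infosec-setupper.
# The helpers report problems through error() (stderr) and return non-zero,
# so callers can stop before an unvalidated value is used any further.

# prefix for testing
DESTDIR="${DESTDIR:-}"
PWQUALITY_CONF_FILE="${DESTDIR}/etc/security/pwquality.conf"
VAR_DIR_ROOT="${DESTDIR}/var/lib/linux-infosec-setupper"
VAR_DIR_PWQUALITY="${VAR_DIR_ROOT}/pwquality"
VAR_DIR_AUDIT="${VAR_DIR_ROOT}/audit"
SHARE_DIR_ROOT="${DESTDIR}/usr/share/linux-infosec-setupper"
SHARE_DIR_PWQUALITY="${SHARE_DIR_ROOT}/pwquality"
SHARE_DIR_AUDIT="${SHARE_DIR_ROOT}/audit"
# /etc/audit/audit.rules is generated automatically from /etc/audit/rules.d/*,
# do not edit it; also do not edit any other files, work only with ours,
# assume that there are no other configs or they have lower priority
AUDIT_RULES_FILE="${DESTDIR}/etc/audit/rules.d/90-linux-infosec-setupper.rules"
AUDIT_DAEMON_CONFIG="${DESTDIR}/etc/audit/auditd.conf"
AUDIT_DAEMON_SYSTEMD_OVERRIDE="${DESTDIR}/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf"
# validate email, https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733
# The character ranges are lowercase-only, so an address containing uppercase
# letters does not match unless the caller lowercases it first.
REGEX_EMAIL="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"

# Print a printf-formatted message followed by a newline on stdout.
# $1 - printf format string (never pass user-supplied text here)
# $2... - values substituted into the format
_echo() {
  printf -- "$@"
  echo ''
}

# Print a printf-formatted message followed by a newline on stderr.
# $1 - printf format string (never pass user-supplied text here)
# $2... - values substituted into the format
error() {
  printf -- "$@" 1>&2
  echo '' 1>&2
}

TEXTDOMAIN=linux-infosec-setupper
# detect running from git tree
# NOTE(review): this branch is taken whenever the current directory holds a
# file named common.sh and $0 is a regular file, so translations (./po) and
# the pw_default file are then resolved relative to the current directory.
# Run the installed tool from a trusted directory, or confirm that this
# check cannot trigger outside a source checkout.
if [ -f ./common.sh ] && [ -f "$0" ]; then
  TEXTDOMAINDIR="${PWD}/po"
  PW_DEFAULT=pw_default
else
  TEXTDOMAINDIR=/usr/share/locale
  PW_DEFAULT="${SHARE_DIR_PWQUALITY}/pw_default"
fi

# Check that a value is a decimal integer.
# The whole value is matched against an anchored regex; the previous glob
# test ([0-9]*) accepted any string that merely started with a digit, and the
# signed form accepted a bare "+" or "-".
# $1 - value
# $2 - param name
# (optional) $3 - anything non-empty: also accept a signed value (+N or -N)
# Returns 0 when the value is accepted, 1 (after reporting) otherwise.
_check_argument_is_number() {
  local value="${1-}" name="${2-}" allow_signed="${3-}"
  local unsigned_re='^[0-9]+$'
  local signed_re='^[+-][0-9]+$'

  if [[ "$value" =~ $unsigned_re ]]; then
    return 0
  fi
  if [[ -n "$allow_signed" && "$value" =~ $signed_re ]]; then
    return 0
  fi
  error $"Argument to %s must be a number" "$name"
  return 1
}

# Check that a value is not below a lower bound (a value equal to the bound
# is accepted).
# $1 - value
# $2 - param name
# $3 - lower bound
# NOTE(review): the original compared $1 against $2 while its message printed
# $2 as the parameter name and $3 as the bound; the comparison now uses $3.
# A two-argument call (value, bound) keeps working because the bound falls
# back to $2 - confirm against the callers.
# Both operands are validated as integers first: bash evaluates arithmetic
# operands as expressions, so raw input must not reach (( )).
# Leading zeros are still read by bash as octal.
# Returns 0 when the value is accepted, 1 (after reporting) otherwise.
_check_argument_value() {
  local value="${1-}" name="${2-}" bound="${3:-${2-}}"
  local int_re='^[+-]?[0-9]+$'

  if ! [[ "$value" =~ $int_re && "$bound" =~ $int_re ]]; then
    error $"Argument to %s must be a number" "$name"
    return 1
  fi
  if (( value < bound )); then
    error $"Argument to %s must be greater than %s" "$name" "$bound"
    return 1
  fi
  return 0
}

# Check that a value contains no blank (space or tab) characters.
# $1 - value
# $2 - param name
# Returns 0 when the value is accepted, 1 (after reporting) otherwise.
_check_argument_is_string() {
  if [[ "$1" != *[[:blank:]]* ]]; then
    return 0
  fi
  error $"Argument to %s must be a string without spaces" "$2"
  return 1
}

# Check that a value is exactly "yes" or "no".
# $1 - value
# $2 - param name
# Returns 0 when the value is accepted, 1 (after reporting) otherwise.
_check_argument_is_boolean() {
  case "$1" in
    yes | no)
      return 0
      ;;
    "")
      error $"Value of %s is empty, set yes or no" "$2"
      return 1
      ;;
    *)
      error $"String %s is not a boolean, set yes or no" "$1"
      return 1
      ;;
  esac
}

# Check that a value is an integer greater than or equal to zero.
# $1 - value
# $2 - param name
# Returns 0 when the value is accepted, 1 (after reporting) otherwise.
_check_argument_is_non_negative_number() {
  # 2>/dev/null to avoid odd output if $1 is not a number
  if test "$1" -ge 0 2>/dev/null; then
    return 0
  fi
  error $"Value of %s must be a non-negative number" "$2"
  return 1
}

# Check an e-mail address against REGEX_EMAIL.
# The original expanded ${regex_email}, a name that is never set (variable
# names are case-sensitive); the empty pattern matched every input, so no
# address was ever rejected.
# $1 - e-mail address
# Returns 0 when the address matches, 1 (after reporting) otherwise.
_validate_email() {
  if [[ "$1" =~ ${REGEX_EMAIL} ]]; then
    return 0
  fi
  error $"%s is not a correct email" "$1"
  return 1
}

# Print the settings found in ${DESTDIR}/etc/security/pwquality.conf, one
# key=value per line: comment and empty lines are skipped, spaces are removed
# from lines containing "=", and a bare keyword is printed as keyword=1.
# A final line without a trailing newline is processed as well.
_pw_parse_conf() {
  local line
  while read -r line || [[ -n "$line" ]]; do
    if [[ -z "$line" || "$line" =~ ^# ]]; then
      continue
    fi
    case "$line" in
      *=*) printf '%s\n' "${line// /}" ;;
      *) printf '%s\n' "${line}=1" ;;
    esac
  done < "${DESTDIR}/etc/security/pwquality.conf"
}

# Show an error dialog through yad and return 1.
# $@ - message text; several arguments are joined with spaces into a single
#      label field ("$@" inside the option split it into separate words).
_yad_error() {
  yad --form --image=dialog-error --text="Error" --title="Error" \
    --field="$*:LBL" --button="yad-close:1" --width=100 --height=100 --scroll
  return 1
}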