Утилиты для настройки функций безопасности ОС Linux

# Shared locations and constants for linux-infosec-setupper.
#
# DESTDIR is an optional prefix (empty when unset) put in front of every path
# below, so the tools can be run against a scratch tree for testing.
# NOTE(review): DESTDIR is taken from the caller's environment and relocates
# every config path defined here; presumably a privileged run should not
# inherit it from an untrusted environment - confirm how callers are launched.
DESTDIR=${DESTDIR-}

# State directories.
VAR_DIR_ROOT=${DESTDIR}/var/lib/linux-infosec-setupper
VAR_DIR_PWQUALITY=${VAR_DIR_ROOT}/pwquality
VAR_DIR_AUDIT=${VAR_DIR_ROOT}/audit

# Read-only data shipped with the package.
SHARE_DIR_ROOT=${DESTDIR}/usr/share/linux-infosec-setupper
SHARE_DIR_PWQUALITY=${SHARE_DIR_ROOT}/pwquality
SHARE_DIR_AUDIT=${SHARE_DIR_ROOT}/audit

# Password quality configuration.
PWQUALITY_CONF_FILE=${DESTDIR}/etc/security/pwquality.conf

# Audit configuration.
# /etc/audit/audit.rules is generated automatically from /etc/audit/rules.d/*,
# so it must not be edited. Only the files named below are managed; other
# configs are assumed to be absent or to have lower priority.
AUDIT_RULES_FILE=${DESTDIR}/etc/audit/rules.d/90-linux-infosec-setupper.rules
AUDIT_DAEMON_CONFIG=${DESTDIR}/etc/audit/auditd.conf
AUDIT_DAEMON_SYSTEMD_OVERRIDE=${DESTDIR}/etc/systemd/system/auditd.service.d/90-linux-infosec-setupper-auditd-firewall.conf

# Extended regex for validating an email address, see
# https://stackoverflow.com/a/2138832 and https://stackoverflow.com/a/41192733
# The character classes list a-z only, so an address with uppercase letters
# does not match.
REGEX_EMAIL="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
# Print a printf-style message to stdout and terminate it with a newline.
# Arguments:
#   $1   - printf format string
#   $2.. - values substituted into the format
# NOTE(review): $1 is interpreted as a format, so variable text belongs in
# the later arguments (with a %s in the format), never in $1 itself.
_echo() {
  printf -- "$@"
  printf '\n'
}
# Print a printf-style message to stderr and terminate it with a newline.
# Arguments:
#   $1   - printf format string
#   $2.. - values substituted into the format
# NOTE(review): $1 is interpreted as a format, so variable text belongs in
# the later arguments (with a %s in the format), never in $1 itself.
error() {
  {
    printf -- "$@"
    printf '\n'
  } >&2
}
# gettext domain used by the $"..." strings in this file.
TEXTDOMAIN=linux-infosec-setupper

# Installed layout is the default.
TEXTDOMAINDIR=/usr/share/locale
PW_DEFAULT="${SHARE_DIR_PWQUALITY}/pw_default"

# Running from a git tree: a common.sh in the current directory (and $0 being
# a regular file) switches the message catalog and the pw_default file to the
# working directory.
# NOTE(review): this check trusts the current directory - any directory that
# holds a file named common.sh makes the catalog load from ./po and
# pw_default resolve relative to it. The translated strings are later used as
# printf formats, so presumably privileged runs should start from a trusted
# directory - confirm with the callers.
if [[ -f ./common.sh && -f "$0" ]]; then
  TEXTDOMAINDIR="${PWD}/po"
  PW_DEFAULT=pw_default
fi
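# Check that a value is a decimal integer.
# Arguments:
#   $1 - value to check
#   $2 - parameter name, used only in the error message
#   $3 - optional; when non-empty, an explicitly signed integer (-N or +N)
#        is accepted in addition to plain digits
# Outputs: a translated error message on stderr when the check fails
# Returns: 0 if $1 is acceptable, 1 otherwise
_check_argument_is_number() {
  # The regex is anchored at both ends so the whole value has to be digits.
  # The previous glob test ([0-9]*) only looked at the first character and
  # let values such as "1abc" through.
  if [[ "$1" =~ ^[0-9]+$ ]]; then
    return 0
  fi
  # Signed form: a sign must be followed by at least one digit, so a bare
  # "-" or "+" is rejected.
  if [[ -n "${3:-}" && "$1" =~ ^[-+][0-9]+$ ]]; then
    return 0
  fi
  error $"Argument to %s must be a number" "$2"
  return 1
}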
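# Check that a numeric value is not below a lower bound.
# Arguments:
#   $1 - value to check
#   $2 - parameter name, used only in the error messages
#   $3 - lower bound; values equal to the bound pass
# Outputs: a translated error message on stderr when the check fails
# Returns: 0 if $1 >= $3, 1 otherwise (including non-integer operands)
_check_argument_value() {
  local rc=0
  # The bound is $3: the error message already reports $2 as the parameter
  # name and $3 as the bound, while the old comparison used $2.
  # test(1) semantics are used instead of (( )): the operands are parsed as
  # plain decimal integers and are never evaluated as arithmetic expressions,
  # which matters because $1 is caller-supplied text.
  [ "$1" -lt "$3" ] 2>/dev/null || rc=$?
  case "$rc" in
    0)
      error $"Argument to %s must be greater than %s" "$2" "$3"
      return 1
      ;;
    1)
      return 0
      ;;
    *)
      # test could not parse an operand as an integer; reuse the existing
      # "must be a number" message rather than letting the value pass.
      error $"Argument to %s must be a number" "$2"
      return 1
      ;;
  esac
}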
# Check that a value contains no blank characters.
# Arguments:
#   $1 - value to check
#   $2 - parameter name, used only in the error message
# Outputs: a translated error message on stderr when the check fails
# Returns: 0 if $1 has no blanks (an empty value passes), 1 otherwise
# NOTE(review): [[:blank:]] covers space and tab only, so a value holding a
# newline or carriage return passes; if these values end up in a
# line-oriented config file, confirm that is acceptable.
_check_argument_is_string() {
  case "$1" in
    *[[:blank:]]*)
      error $"Argument to %s must be a string without spaces" "$2"
      return 1
      ;;
  esac
  return 0
}
# Check that a value is exactly "yes" or "no".
# Arguments:
#   $1 - value to check
#   $2 - parameter name, used in the message for an empty value
# Outputs: a translated error message on stderr when the check fails
# Returns: 0 for "yes" or "no", 1 for anything else
_check_argument_is_boolean() {
  if [[ "$1" == "yes" || "$1" == "no" ]]; then
    return 0
  fi
  # An empty value gets its own message naming the parameter; any other
  # value is echoed back in the message instead.
  if [[ -z "$1" ]]; then
    error $"Value of %s is empty, set yes or no" "$2"
  else
    error $"String %s is not a boolean, set yes or no" "$1"
  fi
  return 1
}
# Check that a value is an integer greater than or equal to zero.
# Arguments:
#   $1 - value to check
#   $2 - parameter name, used only in the error message
# Outputs: a translated error message on stderr when the check fails
# Returns: 0 if the check passes, 1 otherwise
_check_argument_is_non_negative_number() {
  # test prints a diagnostic when $1 is not an integer; it is discarded so
  # that only the message below is shown.
  if [ "$1" -ge 0 ] 2>/dev/null; then
    return 0
  fi
  error $"Value of %s must be a non-negative number" "$2"
  return 1
}
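# Check that a value looks like an email address.
# Globals:   REGEX_EMAIL (read); regex_email (read, takes precedence if set)
# Arguments: $1 - address to check
# Outputs:   a translated error message on stderr when the check fails
# Returns:   0 if $1 matches the pattern, 1 otherwise
_validate_email() {
  # This file defines the pattern as REGEX_EMAIL, but the check used to read
  # the lowercase name regex_email. With that name unset the regex was empty,
  # and an empty regex matches every string, so every address was accepted.
  # The lowercase name is still honoured first in case a caller sets it.
  local pattern="${regex_email:-${REGEX_EMAIL:-}}"
  # Fail closed: with no pattern available nothing can be validated.
  if [[ -z "$pattern" ]] || ! [[ "$1" =~ $pattern ]]; then
    error $"%s is not a correct email" "$1"
    return 1
  fi
}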
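# Print the settings found in pwquality.conf as normalized key=value lines.
# Globals:   DESTDIR (read) - prefix of the tree that holds the config
# Arguments: none
# Outputs:   one line per setting on stdout; spaces are removed from
#            "key = value" lines, and a bare keyword is printed as "keyword=1"
# Returns:   status of the loop; non-zero if the file cannot be opened
_pw_parse_conf() {
  local line
  # IFS is left at its default on purpose: read then strips leading and
  # trailing whitespace, so indented comments and blank-looking lines are
  # skipped below. The "|| [[ -n ... ]]" keeps a final line that has no
  # trailing newline, which would otherwise be dropped.
  while read -r line || [[ -n "$line" ]]; do
    if [[ "$line" =~ ^# ]] || [[ -z "$line" ]]; then
      continue
    fi
    # printf rather than echo, so the line is printed as data whatever it
    # starts with.
    case "$line" in
      *=*) printf '%s\n' "${line// /}" ;;
      *) printf '%s=1\n' "$line" ;;
    esac
  done < "${DESTDIR:-}/etc/security/pwquality.conf"
}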
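# Show an error dialog through yad.
# Arguments: $@ - message text; several arguments are joined with spaces
# Returns:   1 always, so a caller can use it as the failing branch
_yad_error() {
  # "$*" keeps the whole message in the single --field option. With "$@" a
  # multi-argument message was split: only the first word stayed in --field
  # and the rest reached yad as separate arguments.
  yad --form --image=dialog-error --text="Error" --title="Error" \
    --field="$*:LBL" --button="yad-close:1" --width=100 --height=100 --scroll
  return 1
}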