nixteam
/
linux-infosec-setupper
2
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v0.2
v0.5
v0.3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ed3d3f905c'
${ noResults }
linux-infosec-setupper/front_pwquality_cli.sh

84 lines
4.1 KiB
Bash
Raw Blame History

#!/bin/bash
set -e
# detect running from git tree
if [ -f ./common.sh ] && [ -f "$0" ]
then
source common.sh
source back_pwquality.sh
else
source /usr/share/linux-infosec-setupper/common.sh
source "${SHARE_DIR_PWQUALITY}/back_pwquality.sh"
fi
# Check whether we are running the script for the first time
# Since the config may be standard from the package, it may not be parsed correctly.
# We write our default config instead of the original one, so that the parsing works correctly
if ! [[ -f "${VAR_DIR_PWQUALITY}/pw_changed" ]]; then
cat "$PW_DEFAULT" > "${DESTDIR}/etc/security/pwquality.conf" || { error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; }
install -D -m 444 /dev/null "${VAR_DIR_PWQUALITY}/pw_changed" || { error $"Unable to write to file %s" "${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }
fi
while read -r line; do declare "$line" || { error $"Unable to parse /etc/security/pwquality.conf correctly; execute \n%s" "rm ${VAR_DIR_PWQUALITY}/pw_changed"; exit 1; }; done < <(_pw_parse_conf)
PWQUALITY_FRONT=1
failed=0
_args="$(echo "$@" | sed 's/\(d \|-d \)/--difok /
;s/\(m \|-m \)/--minlen /
;s/\(dc \|-dc \)/--dcredit /
;s/\(uc \|-uc \)/--ucredit /
;s/\(lc \|-lc \)/--lcredit /
;s/\(oc \|-oc \)/--ocredit /
;s/\(geco \|-geco \)/--gecoscheck /
;s/\(e \|-e \)/--enforcing /
;s/\(r \|-r \)/--retry /')"
if [ -z "$1" ]; then
error $"No arguments specified"
exit 1
fi
case "$1" in -h|--help|h|help)
echo $"Usage: #NAME# --[OPTIONS...]"
echo $" example: #NAME# --difok 6"
echo $" example: #NAME# d 6"
echo $"#NAME# allows you to manage the file configuration for pwquality in the cli option. A GUI version is also available: #NAME2#"
echo ''
echo $" Options:"
echo $" d, difok Number of characters in the new password that must not be present in the old password"
echo $" m, minlen Minimum acceptable size for the new password"
echo $" dc, dcredit The maximum credit for having digits in the new password"
echo $" uc, ucredit The maximum credit for having uppercase characters in the new password"
echo $" lc, lcredit The maximum credit for having lowercase characters in the new password"
echo $" oc, ocredit The maximum credit for having other characters in the new password"
echo $" minclass The minimum number of required classes of characters for the new password"
echo $" maxrepeat The maximum number of allowed same consecutive characters in the new password"
echo $" maxsequence The maximum length of monotonic character sequences in the new password"
echo $" maxclassrepeat The maximum number of allowed consecutive characters of the same class in the new password"
echo $" geco, gecoscheck Check whether the words longer than 3 characters from the GECOS field of the user's passwd(5) entry are contained in the new password"
echo $" dictcheck Check whether the password (with possible modifications) matches a word in a dictionary"
echo $" usercheck Check whether the password (with possible modifications) contains the user name in some form"
echo $" usersubstr Check whether the password contains a substring of at least N length in some form"
echo $" enforcing Reject the password if it fails the checks, otherwise only print the warning"
echo $" retry Prompt user at most N times before returning with error"
echo $" enforce_for_root The module will return error on failed check even if the user changing the password is root"
echo $" local_users_only The module will not test the password quality for users that are not present in the /etc/passwd file"
echo ''
exit 0
;;
esac
shift
_number=1
while read -r args; do
if [[ $(( _number % 2 )) = 1 ]]; then
case "$args" in
--*) : ;;
-*) args="-$args" ;;
*) args="--$args" ;;
esac
fi
arg_line+=("$args")
((_number++))
done < <(echo -e "${_args// /\\n}")
_mk_pwquality_conf ${arg_line[@]} > "${DESTDIR}/etc/security/pwquality.conf" || { error $"Unable to write to file %s" "${DESTDIR}/etc/security/pwquality.conf"; exit 1; }
Reference in New Issue View Git Blame Copy Permalink