Allow defining a proxy for data uploads

2025-07-23 13:54:35 +02:00 · 2016-01-07 12:57:24 +01:00 · 2016-01-07 12:57:24 +01:00 · f313b2edf8
commit f313b2edf8
parent 4736ad87b9
4 changed files with 61 additions and 7 deletions
--- a/default.prf
+++ b/default.prf
@ -359,10 +359,16 @@ permdir:/root/.ssh:rwx------:root:-:WARN:

 # Provide options to cURL when uploading data. Common options include:
 # -k or --insecure                    --> use HTTPS, but skip certificate check (e.g. self-signed)
-# --proxy [http://]proxyserver:8080   --> use HTTP/HTTPS proxy
-# --socks5 proxyserver:8080           --> use SOCKS proxy
 #config:upload_options:-k:

+# Proxy settings
+# Protocol (http, https, socks5)
+#config:upload_proxy_protocol:https:
+# Address
+#config:upload_proxy_server:1.2.3.4:
+# Port
+#config:upload_proxy_port:3128:
+
 # Define groups
 #config:group:[group name]:
 #config:group:test:
--- a/include/consts
+++ b/include/consts
@ -160,6 +160,9 @@ unset LANG
    UEFI_BOOTED_SECURE=0
    UNBOUND_RUNNING=0
    UPLOAD_OPTIONS=""
+    UPLOAD_PROXY_PORT=""
+    UPLOAD_PROXY_PROTOCOL=""
+    UPLOAD_PROXY_SERVER=""
    UPDATE_CHECK_SKIPPED=0
    VALUE=""
    VMTYPE=""
--- a/include/data_upload
+++ b/include/data_upload
@ -143,16 +143,50 @@ output "Settings file: ${SETTINGS_FILE}"
            if [ ${COMPRESSED_UPLOADS} -eq 1 ]; then
                CURL_OPTIONS="${CURL_OPTIONS} --compressed -H 'Content-Encoding: gzip'"
            fi
+            if [ ! "${UPLOAD_PROXY_SERVER}" = "" ]; then
+                LogText "Upload: Proxy is configured: ${UPLOAD_SERVER}"
+                if [ ! "${UPLOAD_PROXY_PORT}" = "" ]; then
+                    LogText "Upload: Proxy port number is ${UPLOAD_PROXY_PORT}"
+                    UPLOAD_PROXY_PORT=":${UPLOAD_PROXY_PORT}"
+                fi
+                LogText "Upload: Proxy protocol is ${UPLOAD_PROXY_PROTOCOL}"
+                case ${UPLOAD_PROXY_PROTOCOL} in
+                    "http")
+                        UPLOAD_PROXY="http://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
+                        CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}"
+                    ;;
+                    "https")
+                        UPLOAD_PROXY="https://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
+                        CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}"
+                    ;;
+                    "socks5")
+                        UPLOAD_PROXY="${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
+                        CURL_OPTIONS="${CURL_OPTIONS} --socks5 ${UPLOAD_PROXY}"
+                    ;;
+                    *)
+                        echo "Unknown protocol. Please report to lynis-dev@cisofy.com"
+                        ExitFatal
+                    ;;
+                esac
+            fi
            logtext "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
            UPLOAD=`${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${UPLOAD_URL} 2> /dev/null`
            EXITCODE=$?
            if [ ${EXITCODE} -gt 0 ]; then
-                echo "${RED}Error: ${NORMAL}Error occurred, cURL ended during the upload of the report data."
-                echo "Related exit code: ${EXITCODE}"
-                echo "Check the last section of the log file for the exact command used, for further troubleshooting"
-                echo "Debug:"
-                echo ${UPLOAD}
+                echo ""
                echo "${RED}Upload Error${NORMAL}: cURL could not upload data. See ${LOGFILE} for details."
+                echo "Suggested command: tail -n 20 ${LOGFILE}"
+                echo ""
+                case ${EXITCODE} in
+                    5) echo "${YELLOW}Error (5): ${NORMAL}Could not resolve the hostname of the proxy." ;;
+                    6) echo "${YELLOW}Error (6): ${NORMAL}Could not resolve the hostname of central server." ;;
+                    7) echo "${YELLOW}Error (7): ${NORMAL}Could not connect to central server or proxy server." ;;
+                    59) echo "${YELLOW}Error (59): ${NORMAL}Could not connect because of used SSL cipher." ;;
+                    83) echo "${YELLOW}Error (83): ${NORMAL}Could not check used certificate of server." ;;
+                    *) echo "Related exit code: ${YELLOW}{EXITCODE}${NORMAL}. See man page of cURL for the meaning of this code." ;;
+                esac
+                if [ ! "${UPLOAD}" = "" ]; then echo ""; echo "Debug:"; echo ${UPLOAD}; fi
+                echo ""
                # Quit
                ExitClean
            fi
--- a/include/profiles
+++ b/include/profiles
@ -183,6 +183,17 @@
                UPLOAD_OPTIONS="${VALUE}"
            ;;

+            # Proxy settings
+            upload_proxy_port)
+                UPLOAD_PROXY_PORT="${VALUE}"
+            ;;
+            upload_proxy_protocol)
+                UPLOAD_PROXY_PROTOCOL="${VALUE}"
+            ;;
+            upload_proxy_server)
+                UPLOAD_PROXY_SERVER="${VALUE}"
+            ;;
+
            # Receiving system (IP address or hostname)
            upload_server)
                UPLOAD_SERVER="${VALUE}"