tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 07:44:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow defining a proxy for data uploads

Browse Source
This commit is contained in:
mboelen 2016-01-07 12:57:24 +01:00
parent 4736ad87b9
commit f313b2edf8
4 changed files with 61 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
default.prf
View File

@ -359,10 +359,16 @@ permdir:/root/.ssh:rwx------:root:-:WARN:
# Provide options to cURL when uploading data. Common options include: # Provide options to cURL when uploading data. Common options include:
# -k or --insecure --> use HTTPS, but skip certificate check (e.g. self-signed) # -k or --insecure --> use HTTPS, but skip certificate check (e.g. self-signed)
# --proxy [http://]proxyserver:8080 --> use HTTP/HTTPS proxy
# --socks5 proxyserver:8080 --> use SOCKS proxy
#config:upload_options:-k: #config:upload_options:-k:
# Proxy settings
# Protocol (http, https, socks5)
#config:upload_proxy_protocol:https:
# Address
#config:upload_proxy_server:1.2.3.4:
# Port
#config:upload_proxy_port:3128:
# Define groups # Define groups
#config:group:[group name]: #config:group:[group name]:
#config:group:test: #config:group:test:

3
include/consts
View File

@ -160,6 +160,9 @@ unset LANG
UEFI_BOOTED_SECURE=0 UEFI_BOOTED_SECURE=0
UNBOUND_RUNNING=0 UNBOUND_RUNNING=0
UPLOAD_OPTIONS="" UPLOAD_OPTIONS=""
UPLOAD_PROXY_PORT=""
UPLOAD_PROXY_PROTOCOL=""
UPLOAD_PROXY_SERVER=""
UPDATE_CHECK_SKIPPED=0 UPDATE_CHECK_SKIPPED=0
VALUE="" VALUE=""
VMTYPE="" VMTYPE=""

44
include/data_upload
View File

@ -143,16 +143,50 @@ output "Settings file: ${SETTINGS_FILE}"
if [ ${COMPRESSED_UPLOADS} -eq 1 ]; then if [ ${COMPRESSED_UPLOADS} -eq 1 ]; then
CURL_OPTIONS="${CURL_OPTIONS} --compressed -H 'Content-Encoding: gzip'" CURL_OPTIONS="${CURL_OPTIONS} --compressed -H 'Content-Encoding: gzip'"
fi fi
if [ ! "${UPLOAD_PROXY_SERVER}" = "" ]; then
LogText "Upload: Proxy is configured: ${UPLOAD_SERVER}"
if [ ! "${UPLOAD_PROXY_PORT}" = "" ]; then
LogText "Upload: Proxy port number is ${UPLOAD_PROXY_PORT}"
UPLOAD_PROXY_PORT=":${UPLOAD_PROXY_PORT}"
fi
LogText "Upload: Proxy protocol is ${UPLOAD_PROXY_PROTOCOL}"
case ${UPLOAD_PROXY_PROTOCOL} in
"http")
UPLOAD_PROXY="http://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}"
;;
"https")
UPLOAD_PROXY="https://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}"
;;
"socks5")
UPLOAD_PROXY="${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
CURL_OPTIONS="${CURL_OPTIONS} --socks5 ${UPLOAD_PROXY}"
;;
*)
echo "Unknown protocol. Please report to lynis-dev@cisofy.com"
ExitFatal
;;
esac
fi
logtext "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}" logtext "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
UPLOAD=`${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${UPLOAD_URL} 2> /dev/null` UPLOAD=`${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${UPLOAD_URL} 2> /dev/null`
EXITCODE=$? EXITCODE=$?
if [ ${EXITCODE} -gt 0 ]; then if [ ${EXITCODE} -gt 0 ]; then
echo "${RED}Error: ${NORMAL}Error occurred, cURL ended during the upload of the report data." echo ""
echo "Related exit code: ${EXITCODE}"
echo "Check the last section of the log file for the exact command used, for further troubleshooting"
echo "Debug:"
echo ${UPLOAD}
echo "${RED}Upload Error${NORMAL}: cURL could not upload data. See ${LOGFILE} for details." echo "${RED}Upload Error${NORMAL}: cURL could not upload data. See ${LOGFILE} for details."
echo "Suggested command: tail -n 20 ${LOGFILE}"
echo ""
case ${EXITCODE} in
5) echo "${YELLOW}Error (5): ${NORMAL}Could not resolve the hostname of the proxy." ;;
6) echo "${YELLOW}Error (6): ${NORMAL}Could not resolve the hostname of central server." ;;
7) echo "${YELLOW}Error (7): ${NORMAL}Could not connect to central server or proxy server." ;;
59) echo "${YELLOW}Error (59): ${NORMAL}Could not connect because of used SSL cipher." ;;
83) echo "${YELLOW}Error (83): ${NORMAL}Could not check used certificate of server." ;;
*) echo "Related exit code: ${YELLOW}{EXITCODE}${NORMAL}. See man page of cURL for the meaning of this code." ;;
esac
if [ ! "${UPLOAD}" = "" ]; then echo ""; echo "Debug:"; echo ${UPLOAD}; fi
echo ""
# Quit # Quit
ExitClean ExitClean
fi fi

11
include/profiles
View File

@ -183,6 +183,17 @@
UPLOAD_OPTIONS="${VALUE}" UPLOAD_OPTIONS="${VALUE}"
;; ;;
# Proxy settings
upload_proxy_port)
UPLOAD_PROXY_PORT="${VALUE}"
;;
upload_proxy_protocol)
UPLOAD_PROXY_PROTOCOL="${VALUE}"
;;
upload_proxy_server)
UPLOAD_PROXY_SERVER="${VALUE}"
;;
# Receiving system (IP address or hostname) # Receiving system (IP address or hostname)
upload_server) upload_server)
UPLOAD_SERVER="${VALUE}" UPLOAD_SERVER="${VALUE}"