Allow defining a proxy for data uploads

4 files changed, 61 insertions, 7 deletions

diff --git a/default.prf b/default.prf
index 8a70c756..e1d9cbb6 100644
--- a/default.prf
+++ b/default.prf
@@ -359,10 +359,16 @@ permdir:/root/.ssh:rwx------:root:-:WARN:
 
 # Provide options to cURL when uploading data. Common options include:
 # -k or --insecure                    --> use HTTPS, but skip certificate check (e.g. self-signed)
-# --proxy [http://]proxyserver:8080   --> use HTTP/HTTPS proxy
-# --socks5 proxyserver:8080           --> use SOCKS proxy
 #config:upload_options:-k:
 
+# Proxy settings
+# Protocol (http, https, socks5)
+#config:upload_proxy_protocol:https:
+# Address
+#config:upload_proxy_server:1.2.3.4:
+# Port
+#config:upload_proxy_port:3128:
+
 # Define groups
 #config:group:[group name]:
 #config:group:test:
diff --git a/include/consts b/include/consts
index 4ff0a896..8bd4f54b 100644
--- a/include/consts
+++ b/include/consts
@@ -160,6 +160,9 @@ unset LANG
     UEFI_BOOTED_SECURE=0
     UNBOUND_RUNNING=0
     UPLOAD_OPTIONS=""
+    UPLOAD_PROXY_PORT=""
+    UPLOAD_PROXY_PROTOCOL=""
+    UPLOAD_PROXY_SERVER=""
     UPDATE_CHECK_SKIPPED=0
     VALUE=""
     VMTYPE=""
diff --git a/include/data_upload b/include/data_upload
index 6bb4d6df..70d69c30 100644
--- a/include/data_upload
+++ b/include/data_upload
@@ -143,16 +143,50 @@ output "Settings file: ${SETTINGS_FILE}"
             if [ ${COMPRESSED_UPLOADS} -eq 1 ]; then
                 CURL_OPTIONS="${CURL_OPTIONS} --compressed -H 'Content-Encoding: gzip'"
             fi
+            if [ ! "${UPLOAD_PROXY_SERVER}" = "" ]; then
+                LogText "Upload: Proxy is configured: ${UPLOAD_SERVER}"
+                if [ ! "${UPLOAD_PROXY_PORT}" = "" ]; then
+                    LogText "Upload: Proxy port number is ${UPLOAD_PROXY_PORT}"
+                    UPLOAD_PROXY_PORT=":${UPLOAD_PROXY_PORT}"
+                fi
+                LogText "Upload: Proxy protocol is ${UPLOAD_PROXY_PROTOCOL}"
+                case ${UPLOAD_PROXY_PROTOCOL} in
+                    "http")
+                        UPLOAD_PROXY="http://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
+                        CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}"
+                    ;;
+                    "https")
+                        UPLOAD_PROXY="https://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
+                        CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}"
+                    ;;
+                    "socks5")
+                        UPLOAD_PROXY="${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}"
+                        CURL_OPTIONS="${CURL_OPTIONS} --socks5 ${UPLOAD_PROXY}"
+                    ;;
+                    *)
+                        echo "Unknown protocol. Please report to lynis-dev@cisofy.com"
+                        ExitFatal
+                    ;;
+                esac
+            fi
             logtext "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
             UPLOAD=`${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${UPLOAD_URL} 2> /dev/null`
             EXITCODE=$?
             if [ ${EXITCODE} -gt 0 ]; then
-                echo "${RED}Error: ${NORMAL}Error occurred, cURL ended during the upload of the report data."
-                echo "Related exit code: ${EXITCODE}"
-                echo "Check the last section of the log file for the exact command used, for further troubleshooting"
-                echo "Debug:"
-                echo ${UPLOAD}
+                echo ""
                 echo "${RED}Upload Error${NORMAL}: cURL could not upload data. See ${LOGFILE} for details."
+                echo "Suggested command: tail -n 20 ${LOGFILE}"
+                echo ""
+                case ${EXITCODE} in
+                    5) echo "${YELLOW}Error (5): ${NORMAL}Could not resolve the hostname of the proxy." ;;
+                    6) echo "${YELLOW}Error (6): ${NORMAL}Could not resolve the hostname of central server." ;;
+                    7) echo "${YELLOW}Error (7): ${NORMAL}Could not connect to central server or proxy server." ;;
+                    59) echo "${YELLOW}Error (59): ${NORMAL}Could not connect because of used SSL cipher." ;;
+                    83) echo "${YELLOW}Error (83): ${NORMAL}Could not check used certificate of server." ;;
+                    *) echo "Related exit code: ${YELLOW}{EXITCODE}${NORMAL}. See man page of cURL for the meaning of this code." ;;
+                esac
+                if [ ! "${UPLOAD}" = "" ]; then echo ""; echo "Debug:"; echo ${UPLOAD}; fi
+                echo ""
                 # Quit
                 ExitClean
             fi
diff --git a/include/profiles b/include/profiles
index 60872345..53c1b794 100644
--- a/include/profiles
+++ b/include/profiles
@@ -183,6 +183,17 @@
                 UPLOAD_OPTIONS="${VALUE}"
             ;;
 
+            # Proxy settings
+            upload_proxy_port)
+                UPLOAD_PROXY_PORT="${VALUE}"
+            ;;
+            upload_proxy_protocol)
+                UPLOAD_PROXY_PROTOCOL="${VALUE}"
+            ;;
+            upload_proxy_server)
+                UPLOAD_PROXY_SERVER="${VALUE}"
+            ;;
+
             # Receiving system (IP address or hostname)
             upload_server)
                 UPLOAD_SERVER="${VALUE}"