diff options
-rw-r--r-- | default.prf | 10 | ||||
-rw-r--r-- | include/consts | 3 | ||||
-rw-r--r-- | include/data_upload | 44 | ||||
-rw-r--r-- | include/profiles | 11 |
4 files changed, 61 insertions, 7 deletions
diff --git a/default.prf b/default.prf index 8a70c756..e1d9cbb6 100644 --- a/default.prf +++ b/default.prf @@ -359,10 +359,16 @@ permdir:/root/.ssh:rwx------:root:-:WARN: # Provide options to cURL when uploading data. Common options include: # -k or --insecure --> use HTTPS, but skip certificate check (e.g. self-signed) -# --proxy [http://]proxyserver:8080 --> use HTTP/HTTPS proxy -# --socks5 proxyserver:8080 --> use SOCKS proxy #config:upload_options:-k: +# Proxy settings +# Protocol (http, https, socks5) +#config:upload_proxy_protocol:https: +# Address +#config:upload_proxy_server:1.2.3.4: +# Port +#config:upload_proxy_port:3128: + # Define groups #config:group:[group name]: #config:group:test: diff --git a/include/consts b/include/consts index 4ff0a896..8bd4f54b 100644 --- a/include/consts +++ b/include/consts @@ -160,6 +160,9 @@ unset LANG UEFI_BOOTED_SECURE=0 UNBOUND_RUNNING=0 UPLOAD_OPTIONS="" + UPLOAD_PROXY_PORT="" + UPLOAD_PROXY_PROTOCOL="" + UPLOAD_PROXY_SERVER="" UPDATE_CHECK_SKIPPED=0 VALUE="" VMTYPE="" diff --git a/include/data_upload b/include/data_upload index 6bb4d6df..70d69c30 100644 --- a/include/data_upload +++ b/include/data_upload @@ -143,16 +143,50 @@ output "Settings file: ${SETTINGS_FILE}" if [ ${COMPRESSED_UPLOADS} -eq 1 ]; then CURL_OPTIONS="${CURL_OPTIONS} --compressed -H 'Content-Encoding: gzip'" fi + if [ ! "${UPLOAD_PROXY_SERVER}" = "" ]; then + LogText "Upload: Proxy is configured: ${UPLOAD_SERVER}" + if [ ! "${UPLOAD_PROXY_PORT}" = "" ]; then + LogText "Upload: Proxy port number is ${UPLOAD_PROXY_PORT}" + UPLOAD_PROXY_PORT=":${UPLOAD_PROXY_PORT}" + fi + LogText "Upload: Proxy protocol is ${UPLOAD_PROXY_PROTOCOL}" + case ${UPLOAD_PROXY_PROTOCOL} in + "http") + UPLOAD_PROXY="http://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}" + CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}" + ;; + "https") + UPLOAD_PROXY="https://${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}" + CURL_OPTIONS="${CURL_OPTIONS} --proxy ${UPLOAD_PROXY}" + ;; + "socks5") + UPLOAD_PROXY="${UPLOAD_PROXY_SERVER}${UPLOAD_PROXY_PORT}" + CURL_OPTIONS="${CURL_OPTIONS} --socks5 ${UPLOAD_PROXY}" + ;; + *) + echo "Unknown protocol. Please report to lynis-dev@cisofy.com" + ExitFatal + ;; + esac + fi logtext "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}" UPLOAD=`${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${UPLOAD_URL} 2> /dev/null` EXITCODE=$? if [ ${EXITCODE} -gt 0 ]; then - echo "${RED}Error: ${NORMAL}Error occurred, cURL ended during the upload of the report data." - echo "Related exit code: ${EXITCODE}" - echo "Check the last section of the log file for the exact command used, for further troubleshooting" - echo "Debug:" - echo ${UPLOAD} + echo "" echo "${RED}Upload Error${NORMAL}: cURL could not upload data. See ${LOGFILE} for details." + echo "Suggested command: tail -n 20 ${LOGFILE}" + echo "" + case ${EXITCODE} in + 5) echo "${YELLOW}Error (5): ${NORMAL}Could not resolve the hostname of the proxy." ;; + 6) echo "${YELLOW}Error (6): ${NORMAL}Could not resolve the hostname of central server." ;; + 7) echo "${YELLOW}Error (7): ${NORMAL}Could not connect to central server or proxy server." ;; + 59) echo "${YELLOW}Error (59): ${NORMAL}Could not connect because of used SSL cipher." ;; + 83) echo "${YELLOW}Error (83): ${NORMAL}Could not check used certificate of server." ;; + *) echo "Related exit code: ${YELLOW}{EXITCODE}${NORMAL}. See man page of cURL for the meaning of this code." ;; + esac + if [ ! "${UPLOAD}" = "" ]; then echo ""; echo "Debug:"; echo ${UPLOAD}; fi + echo "" # Quit ExitClean fi diff --git a/include/profiles b/include/profiles index 60872345..53c1b794 100644 --- a/include/profiles +++ b/include/profiles @@ -183,6 +183,17 @@ UPLOAD_OPTIONS="${VALUE}" ;; + # Proxy settings + upload_proxy_port) + UPLOAD_PROXY_PORT="${VALUE}" + ;; + upload_proxy_protocol) + UPLOAD_PROXY_PROTOCOL="${VALUE}" + ;; + upload_proxy_server) + UPLOAD_PROXY_SERVER="${VALUE}" + ;; + # Receiving system (IP address or hostname) upload_server) UPLOAD_SERVER="${VALUE}" |