#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
# Web site: https://cisofy.com
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Read profile/template
#
#################################################################################
#
    Display --indent 2 --text "- Checking profile file (${PROFILE})..."
    logtext "Reading profile/configuration ${PROFILE}"
    FIND=`cat ${PROFILE} | grep '^config:' | sed 's/ /!space!/g'`
    for I in ${FIND}; do
        OPTION=`echo ${I} | cut -d ':' -f2`
        VALUE=`echo ${I} | cut -d ':' -f3 | sed 's/!space!/ /g'`

        logtext "Profile option set: ${OPTION} (with value ${VALUE})"

        case ${OPTION} in

            # Maximum number of WAITing connections
            connections_max_wait_state)
                OPTIONS_CONN_MAX_WAIT_STATE="${VALUE}"
            ;;

            # Append something to URL for control information
            control_url_append)
                CONTROL_URL_APPEND="${VALUE}"
            ;;

            # Prepend an URL before control information link
            control_url_prepend)
                CONTROL_URL_PREPEND="${VALUE}"
            ;;

            # Append something to URL for control information (only applies to CUST-*)
            custom_url_append)
                CUSTOM_URL_APPEND="${VALUE}"
            ;;

            # Prepend an URL before control information link (only applies to CUST-*)
            custom_url_prepend)
                CUSTOM_URL_PREPEND="${VALUE}"
            ;;

            # Do not check security repository in sources.list (Debian/Ubuntu)
            debian_skip_security_repository)
            OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY="${VALUE}"
            ;;
            debug)
                if [ "${VALUE}" = "yes" -o "${VALUE}" = "true" ]; then
                    DEBUG=1
                fi
            ;;
            # Skip FreeBSD port audit
            freebsd_skip_portaudit)
                logtext "Option set: Skip FreeBSD portaudit"
                OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}"
            ;;

            # Lynis Enterprise: group name
            group)
                GROUP_NAME="${VALUE}"
            ;;

            # Lynis Enterprise license key
            license_key)
                LICENSE_KEY="${VALUE}"
                report "license_key=${LICENSE_KEY}"
            ;;

            # Do (not) log tests if they have an different operating system
            log_tests_incorrect_os)
                logtext "Option set: No logging for incorrect OS"
                if [ "${VALUE}" = "no" ]; then LOG_INCORRECT_OS=0; else LOG_INCORRECT_OS=1; fi
            ;;

            # What type of machine we are scanning (eg. desktop, server, server with storage)
            machine_role)
                MACHINE_ROLE="${VALUE}"
            ;;

            # Define if any found NTP daemon instance is configured as a server or client
            ntpd_role)
                NTPD_ROLE="${VALUE}"
            ;;

            # How much seconds to wait between tests
            pause_between_tests)
                TEST_PAUSE_TIME="${VALUE}"
            ;;

            # Profile name
            profile_name)
                PROFILE_NAME="${VALUE}"
            ;;

            # Inline tips about tool
            show_tool_tips)
                SHOW_TOOL_TIPS="${VALUE}"
            ;;

            # Tests to always skip (useful for false positives or problematic tests)
            test_skip_always)
                TEST_SKIP_ALWAYS="${VALUE}"
                logtext "Tests to be skipped: ${VALUE}"
            ;;

            # Do not check the latest version on the internet
            skip_upgrade_test)
                if [ "${VALUE}" = "yes" -o "${VALUE}" = "YES" ]; then SKIP_UPGRADE_TEST=1; else SKIP_UPGRADE_TEST=0; fi
            ;;

            # Define what kind of scan we are performing
            test_scan_mode)
                if [ "${VALUE}" = "light" ]; then   SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="NO";  SCAN_TEST_HEAVY="NO";  fi
                if [ "${VALUE}" = "normal" ]; then  SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="NO";  fi
                if [ "${VALUE}" = "full" ]; then    SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="YES"; fi
            ;;

            # Server IP or hostname
            update_server_address)
                UPDATE_SERVER_ADDRESS="${VALUE}"
            ;;

            # Protocol (http, https)
            update_server_protocol)
                UPDATE_SERVER_PROTOCOL="${VALUE}"
            ;;

            # File path to tarball on server
            update_latest_version_download)
                UPDATE_LATEST_VERSION_DOWNLOAD="${VALUE}"
            ;;

            # File path to information file
            update_latest_version_info)
                UPDATE_LATEST_VERSION_INFO="${VALUE}"
            ;;

            # Local directory where lynis directory will be placed
            update_local_directory)
                UPDATE_LOCAL_DIRECTORY="${VALUE}"
            ;;

            # Local file to maintain current version
            update_local_version_info)
                UPDATE_LOCAL_VERSION_INFO="${VALUE}"
            ;;

            # Options during upload of data
            upload_options)
                UPLOAD_OPTIONS="${VALUE}"
            ;;

            # Receiving system (IP address or hostname)
            upload_server)
                UPLOAD_SERVER="${VALUE}"
            ;;

            # Catch all bad options and bail out
            *)
                logtext "Unknown option ${OPTION} (with value: ${VALUE})"
                echo "Fatal error: found errors in profile"
                echo "Unknown option '${OPTION}' found (with value: ${VALUE})"
                ExitFatal
            ;;

        esac

    done
#
#################################################################################
#
    # Add group name to report
    if [ ! "${GROUP_NAME}" = "" ]; then
        report "group=${GROUP_NAME}"
    fi
#
#################################################################################
#
    # Set default values (only if not configured in profile)

    if [ "${MACHINE_ROLE}" = "" ]; then
        MACHINE_ROLE="server"
        logtext "Set option to default value: MACHINE_ROLE --> ${MACHINE_ROLE}"
    fi

    if [ "${NTPD_ROLE}" = "" ]; then
        NTPD_ROLE="client"
        logtext "Set option to default value: NTPD_ROLE --> ${NTPD_ROLE}"
    fi

#
#################################################################################
#

logtextbreak

#================================================================================
# Lynis - Copyright 2007-2015, Michael Boelen - CISOfy, https://cisofy.com
