From 21f4544016d67e37e96f5ba49872766419fe31e9 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Mon, 22 Feb 2021 09:31:30 +0100
Subject: [PATCH] Install default check_policy file on init
---
 CHANGELOG.md | 1 +
 lib/includes | 13 ++++++++++---
 test/main.bats | 10 ++++++++++
 tpl/check_policy.tpl | 3 +++
 4 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 tpl/check_policy.tpl
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 96cf67c..4e35f9d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
+* bkctld-init: install check_policy template
 * test: bkctld check-incs shouldn't fail without incs_policy file
 ### Changed
diff --git a/lib/includes b/lib/includes
index c5870d9..2d0e097 100755
--- a/lib/includes
+++ b/lib/includes
@@ -374,13 +374,20 @@ setup_jail_config() {
 info "4 - Copie default sshd_config"
 install -m 0640 "${sshd_config_tpl}" "${jail_sshd_config}"
- inctpl="${TPLDIR}/inc.tpl"
- test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"
 info "5 - Copie default inc configuration"
+ inc_policy_tpl="${TPLDIR}/inc.tpl"
+ test -f "${LOCALTPLDIR}/inc.tpl" && inc_policy_tpl="${LOCALTPLDIR}/inc.tpl"
 jail_incs_policy_file=$(jail_incs_policy_file "${jail_name}")
 mkdir --parents "$(dirname "${jail_incs_policy_file}")"
- install -m 0640 "${inctpl}" "${jail_incs_policy_file}"
+ install -m 0640 "${inc_policy_tpl}" "${jail_incs_policy_file}"
+
+ check_policy_tpl="${TPLDIR}/check_policy.tpl"
+ test -f "${LOCALTPLDIR}/check_policy.tpl" && check_policy_tpl="${LOCALTPLDIR}/check_policy.tpl"
+ jail_check_policy_file=$(jail_check_policy_file "${jail_name}")
+ mkdir --parents "$(dirname "${jail_check_policy_file}")"
+ install -m 0640 "${check_policy_tpl}" "${jail_check_policy_file}"
+
 "${LIBDIR}/bkctld-port" "${jail_name}" auto
 }
diff --git a/test/main.bats b/test/main.bats
index 7ebe490..7d7e7bb 100755
--- a/test/main.bats
+++ b/test/main.bats
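Review bot: The added `install -m 0640 "${check_policy_tpl}" "${jail_check_policy_file}"` overwrites its destination unconditionally, so if setup_jail_config can run against a jail that already exists (its callers are outside this hunk), thresholds an operator tuned in check_policy would be silently replaced by the all-commented template. A guard such as `test -f "${jail_check_policy_file}" || install -m 0640 "${check_policy_tpl}" "${jail_check_policy_file}"` keeps local settings, and the incs_policy install just above has the same shape. The new block also has no `info` line of its own, unlike steps 4 and 5, so the last message printed before a failure here would be step 5's. setup_jail_config begins before the hunk.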
@@ -15,6 +15,16 @@ load test_helper
 fi
 }
+@test "New jail should have a incs_policy file" {
+ run test -f "/etc/evobackup/${JAILNAME}.d/incs_policy"
+ assert_success
+}
+
+@test "New jail should have a check_policy file" {
+ run test -f "/etc/evobackup/${JAILNAME}.d/check_policy"
+ assert_success
+}
+
 @test "A jail should be able to be started" {
 /usr/lib/bkctld/bkctld-start "${JAILNAME}"
 pid=$(cat "${JAILPATH}/${SSHD_PID}")
diff --git a/tpl/check_policy.tpl b/tpl/check_policy.tpl
new file mode 100644
index 0000000..e462801
--- /dev/null
+++ b/tpl/check_policy.tpl
@@ -0,0 +1,3 @@
+## Uncomment and adapt thresholds (values are in hours)
+# WARNING=24
+# CRITICAL=48
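Review bot: Both new tests assert only that the policy file exists, so the `0640` mode that setup_jail_config passes to `install` is never verified and a change that leaves the files with looser permissions would still pass. Adding a mode assertion to each test, for example `[ "$(stat -c %a "/etc/evobackup/${JAILNAME}.d/check_policy")" = "640" ]`, would pin that. The `fi` and `}` context lines at the top of the hunk close a block that starts outside it.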
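Review bot: The header in tpl/check_policy.tpl gives the unit but not what the thresholds bound, nor what applies while both lines stay commented, which is the state every new jail gets from this template. If, as the names suggest, they are the age of the last backup at which the check warns or goes critical, the comment could say so, e.g. `## Age of the last backup, in hours, at which the check reports WARNING / CRITICAL; built-in defaults apply while commented`.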