From 0c676832d13aa7f86af3b1d5a0516da820203327 Mon Sep 17 00:00:00 2001 
From: Samson-W Date: Fri, 10 May 2019 15:49:17 +0800 Subject: [PATCH] Rename and reorder number for pam module check. --- ...at_cracklib.sh => 9.2.10_pam_maxclassrepeat_cracklib.sh} | 0 ...ny_times_password.sh => 9.2.11_pam_deny_times_tally2.sh} | 0 ...iled_password.sh => 9.2.12_pam_lockout_failed_tally2.sh} | 0 ...assword_sha512.sh => 9.2.13_pam_password_sha512_unix.sh} | 2 +- ...t_nullpwd.sh => 9.2.14_pam_auth_without_nullpwd_unix.sh} | 0 ....sh => 9.2.15_pam_printlastlog_to_showfailed_lastlog.sh} | 2 +- ...password_reuse.sh => 9.2.16_pam_limit_password_reuse.sh} | 6 +++--- ...root_password.sh => 9.2.17_pam_even_deny_root_tally2.sh} | 0 ...enable_retry_cracklib.sh => 9.2.1_pam_retry_cracklib.sh} | 0 ...able_minlen_cracklib.sh => 9.2.2_pam_minlen_cracklib.sh} | 0 ...le_dcredit_cracklib.sh => 9.2.3_pam_dcredit_cracklib.sh} | 0 ...le_ucredit_cracklib.sh => 9.2.4_pam_ucredit_cracklib.sh} | 0 ...le_ocredit_cracklib.sh => 9.2.5_pam_ocredit_cracklib.sh} | 0 ...le_lcredit_cracklib.sh => 9.2.6_pam_lcredit_cracklib.sh} | 0 ...enable_difok_cracklib.sh => 9.2.7_pam_difok_cracklib.sh} | 0 ..._minclass_cracklib.sh => 9.2.8_pam_minclass_cracklib.sh} | 0 ...axrepeat_cracklib.sh => 9.2.9_pam_maxrepeat_cracklib.sh} | 0 17 files changed, 5 insertions(+), 5 deletions(-) rename bin/hardening/{9.2.10_enable_maxclassrepeat_cracklib.sh => 9.2.10_pam_maxclassrepeat_cracklib.sh} (100%) rename bin/hardening/{9.2.11_set_deny_times_password.sh => 9.2.11_pam_deny_times_tally2.sh} (100%) rename bin/hardening/{9.2.16_enable_lockout_failed_password.sh => 9.2.12_pam_lockout_failed_tally2.sh} (100%) rename bin/hardening/{9.2.13_enable_password_sha512.sh => 9.2.13_pam_password_sha512_unix.sh} (96%) rename bin/hardening/{9.2.14_enable_auth_without_nullpwd.sh => 9.2.14_pam_auth_without_nullpwd_unix.sh} (100%) rename bin/hardening/{9.2.15_set_printlastlog_to_showfailed.sh => 9.2.15_pam_printlastlog_to_showfailed_lastlog.sh} (96%) rename bin/hardening/{9.2.12_limit_password_reuse.sh => 
9.2.16_pam_limit_password_reuse.sh} (92%) rename bin/hardening/{9.2.17_enable_even_deny_root_password.sh => 9.2.17_pam_even_deny_root_tally2.sh} (100%) rename bin/hardening/{9.2.1_enable_retry_cracklib.sh => 9.2.1_pam_retry_cracklib.sh} (100%) rename bin/hardening/{9.2.2_enable_minlen_cracklib.sh => 9.2.2_pam_minlen_cracklib.sh} (100%) rename bin/hardening/{9.2.3_enable_dcredit_cracklib.sh => 9.2.3_pam_dcredit_cracklib.sh} (100%) rename bin/hardening/{9.2.4_enable_ucredit_cracklib.sh => 9.2.4_pam_ucredit_cracklib.sh} (100%) rename bin/hardening/{9.2.5_enable_ocredit_cracklib.sh => 9.2.5_pam_ocredit_cracklib.sh} (100%) rename bin/hardening/{9.2.6_enable_lcredit_cracklib.sh => 9.2.6_pam_lcredit_cracklib.sh} (100%) rename bin/hardening/{9.2.7_enable_difok_cracklib.sh => 9.2.7_pam_difok_cracklib.sh} (100%) rename bin/hardening/{9.2.8_enable_minclass_cracklib.sh => 9.2.8_pam_minclass_cracklib.sh} (100%) rename bin/hardening/{9.2.9_enable_maxrepeat_cracklib.sh => 9.2.9_pam_maxrepeat_cracklib.sh} (100%)
diff --git a/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh b/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh
rename to bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
diff --git a/bin/hardening/9.2.11_set_deny_times_password.sh b/bin/hardening/9.2.11_pam_deny_times_tally2.sh
similarity index 100%
rename from bin/hardening/9.2.11_set_deny_times_password.sh
rename to bin/hardening/9.2.11_pam_deny_times_tally2.sh
diff --git a/bin/hardening/9.2.16_enable_lockout_failed_password.sh b/bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
similarity index 100%
rename from bin/hardening/9.2.16_enable_lockout_failed_password.sh
rename to bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
diff --git a/bin/hardening/9.2.13_enable_password_sha512.sh b/bin/hardening/9.2.13_pam_password_sha512_unix.sh
similarity index 96%
rename from bin/hardening/9.2.13_enable_password_sha512.sh
rename to bin/hardening/9.2.13_pam_password_sha512_unix.sh
index f2b531b..d87351d 100755
--- a/bin/hardening/9.2.13_enable_password_sha512.sh
+++ b/bin/hardening/9.2.13_pam_password_sha512_unix.sh
@@ -53,7 +53,7 @@ apply () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE"
- add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.14_enable_auth_without_nullpwd.sh b/bin/hardening/9.2.14_pam_auth_without_nullpwd_unix.sh
similarity index 100%
rename from bin/hardening/9.2.14_enable_auth_without_nullpwd.sh
rename to bin/hardening/9.2.14_pam_auth_without_nullpwd_unix.sh
diff --git a/bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh b/bin/hardening/9.2.15_pam_printlastlog_to_showfailed_lastlog.sh
similarity index 96%
rename from bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh
rename to bin/hardening/9.2.15_pam_printlastlog_to_showfailed_lastlog.sh
index 10203b7..08a77a8 100755
--- a/bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh
+++ b/bin/hardening/9.2.15_pam_printlastlog_to_showfailed_lastlog.sh
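Review bot: In the 9.2.13_pam_password_sha512_unix.sh hunk the fallback line loses `remember=5`, and nothing in the script says where password history is enforced now. A one-line comment above the `add_line_file_before_pattern` call, such as `# password history (remember=) is handled by pam_pwhistory.so in 9.2.16, not by pam_unix.so`, would keep a later editor from re-adding the option. The call sits in the branch that runs when the pattern is absent, so an existing `pam_unix.so ... remember=5` entry written by the earlier version presumably stays in place; apply() starts and ends outside the hunk, so that is inferred rather than visible.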
@@ -53,7 +53,7 @@ apply () { apt_install $PACKAGE elif [ $FNRET = 2 ]; then warn "$PATTERN is not present in $FILE" - add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" "# pam-auth-update(8) for details." + add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512" "# pam-auth-update(8) for details." elif [ $FNRET = 3 ]; then crit "$FILE is not exist, please check" elif [ $FNRET = 4 ]; then diff --git a/bin/hardening/9.2.12_limit_password_reuse.sh b/bin/hardening/9.2.16_pam_limit_password_reuse.sh similarity index 92% rename from bin/hardening/9.2.12_limit_password_reuse.sh rename to bin/hardening/9.2.16_pam_limit_password_reuse.sh index b5fddbc..fd2f085 100755 --- a/bin/hardening/9.2.12_limit_password_reuse.sh +++ b/bin/hardening/9.2.16_pam_limit_password_reuse.sh @@ -15,9 +15,9 @@ set -u # One variable unset, it's over HARDENING_LEVEL=3 PACKAGE='libpam-modules' -PATTERN='^password.*pam_unix.so' +PATTERN='^password.*pam_pwhistory.so' FILE='/etc/pam.d/common-password' -KEYWORD='pam_unix.so' +KEYWORD='pam_pwhistory.so' OPTIONNAME='remember' CONDT_VAL=5 @@ -54,7 +54,7 @@ apply () { apt_install $PACKAGE elif [ $FNRET = 2 ]; then warn "$PATTERN is not present in $FILE" - add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" "# pam-auth-update(8) for details." + add_line_file_before_pattern $FILE "password required pam_pwhistory.so remember=5" "# pam-auth-update(8) for details." elif [ $FNRET = 3 ]; then crit "$FILE is not exist, please check" elif [ $FNRET = 4 ]; then diff --git a/bin/hardening/9.2.17_enable_even_deny_root_password.sh b/bin/hardening/9.2.17_pam_even_deny_root_tally2.sh similarity index 100% rename from bin/hardening/9.2.17_enable_even_deny_root_password.sh rename to bin/hardening/9.2.17_pam_even_deny_root_tally2.sh 
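Review bot: The fallback in 9.2.15_pam_printlastlog_to_showfailed_lastlog.sh still inserts a `password [success=1 default=ignore] pam_unix.so obscure sha512` line, which looks copied from the sha512 check; this change only drops `remember=5` from it. Judging by the file name, the script verifies `showfailed` on pam_lastlog.so, so apply() would add an unrelated password-stack entry and leave the lastlog setting unfixed. PATTERN and FILE are defined outside the hunk and should be confirmed, but the inserted line ought to match what the script checks, something like `session optional pam_lastlog.so showfailed`, with an anchor that exists in that file.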
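Review bot: Pointing PATTERN and KEYWORD at `pam_pwhistory.so` in 9.2.16_pam_limit_password_reuse.sh means a host where `remember=5` already sits on the pam_unix.so line, which is what the previous version of this script wrote, now fails the check. apply() then adds pam_pwhistory without removing the old option, leaving history configured in two places. Either strip `remember=` from the pam_unix.so entry during apply or note in the script header that the leftover is expected. If PATTERN is evaluated as a regex, the dot is also a wildcard; `'^password.*pam_pwhistory\.so'` is tighter.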
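Review bot: The new `password required pam_pwhistory.so remember=5` in the second hunk of 9.2.16_pam_limit_password_reuse.sh is anchored on the same comment line that 9.2.13 uses for its pam_unix.so entry, so its position relative to `pam_unix.so` is not controlled. pam_pwhistory has to run before pam_unix in the password stack to reject a reused password, and a `[success=1 default=ignore]` entry placed directly ahead of it would jump over it on success. How add_line_file_before_pattern orders repeated insertions is not visible here, so consider anchoring on the existing pam_unix.so line instead of the comment. apply() starts and ends outside the hunk.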
diff --git a/bin/hardening/9.2.1_enable_retry_cracklib.sh b/bin/hardening/9.2.1_pam_retry_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.1_enable_retry_cracklib.sh
rename to bin/hardening/9.2.1_pam_retry_cracklib.sh
diff --git a/bin/hardening/9.2.2_enable_minlen_cracklib.sh b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.2_enable_minlen_cracklib.sh
rename to bin/hardening/9.2.2_pam_minlen_cracklib.sh
diff --git a/bin/hardening/9.2.3_enable_dcredit_cracklib.sh b/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.3_enable_dcredit_cracklib.sh
rename to bin/hardening/9.2.3_pam_dcredit_cracklib.sh
diff --git a/bin/hardening/9.2.4_enable_ucredit_cracklib.sh b/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.4_enable_ucredit_cracklib.sh
rename to bin/hardening/9.2.4_pam_ucredit_cracklib.sh
diff --git a/bin/hardening/9.2.5_enable_ocredit_cracklib.sh b/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.5_enable_ocredit_cracklib.sh
rename to bin/hardening/9.2.5_pam_ocredit_cracklib.sh
diff --git a/bin/hardening/9.2.6_enable_lcredit_cracklib.sh b/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.6_enable_lcredit_cracklib.sh
rename to bin/hardening/9.2.6_pam_lcredit_cracklib.sh
diff --git a/bin/hardening/9.2.7_enable_difok_cracklib.sh b/bin/hardening/9.2.7_pam_difok_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.7_enable_difok_cracklib.sh
rename to bin/hardening/9.2.7_pam_difok_cracklib.sh
diff --git a/bin/hardening/9.2.8_enable_minclass_cracklib.sh b/bin/hardening/9.2.8_pam_minclass_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.8_enable_minclass_cracklib.sh
rename to bin/hardening/9.2.8_pam_minclass_cracklib.sh
diff --git a/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh b/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
similarity index 100%
rename from bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh
rename to bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh