Rename and reorder number for pam module check.

2019-05-10 15:49:17 +08:00 · 2019-05-10 15:49:17 +08:00 · 0c676832d1
parent e35e51602a
commit 0c676832d1
17 changed files with 5 additions and 5 deletions
--- a/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh
+++ b/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh
--- a/bin/hardening/9.2.11_set_deny_times_password.sh
+++ b/bin/hardening/9.2.11_set_deny_times_password.sh
--- a/bin/hardening/9.2.16_enable_lockout_failed_password.sh
+++ b/bin/hardening/9.2.16_enable_lockout_failed_password.sh
--- a/bin/hardening/9.2.13_pam_password_sha512_unix.sh
+++ b/bin/hardening/9.2.13_pam_password_sha512_unix.sh
@ -53,7 +53,7 @@ apply () {
        apt_install $PACKAGE
    elif [ $FNRET = 2 ]; then
        warn "$PATTERN is not present in $FILE"
-        add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" "# pam-auth-update(8) for details."
+        add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512" "# pam-auth-update(8) for details."
    elif [ $FNRET = 3 ]; then
        crit "$FILE is not exist, please check"
    elif [ $FNRET = 4 ]; then
--- a/bin/hardening/9.2.14_pam_auth_without_nullpwd_unix.sh
+++ b/bin/hardening/9.2.14_pam_auth_without_nullpwd_unix.sh
--- a/bin/hardening/9.2.15_pam_printlastlog_to_showfailed_lastlog.sh
+++ b/bin/hardening/9.2.15_pam_printlastlog_to_showfailed_lastlog.sh
@ -53,7 +53,7 @@ apply () {
        apt_install $PACKAGE
    elif [ $FNRET = 2 ]; then
        warn "$PATTERN is not present in $FILE"
-        add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" "# pam-auth-update(8) for details."
+        add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512" "# pam-auth-update(8) for details."
    elif [ $FNRET = 3 ]; then
        crit "$FILE is not exist, please check"
    elif [ $FNRET = 4 ]; then
--- a/bin/hardening/9.2.16_pam_limit_password_reuse.sh
+++ b/bin/hardening/9.2.16_pam_limit_password_reuse.sh
@ -15,9 +15,9 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=3

 PACKAGE='libpam-modules'
-PATTERN='^password.*pam_unix.so'
+PATTERN='^password.*pam_pwhistory.so'
 FILE='/etc/pam.d/common-password'
-KEYWORD='pam_unix.so'
+KEYWORD='pam_pwhistory.so'
 OPTIONNAME='remember'
 CONDT_VAL=5

@ -54,7 +54,7 @@ apply () {
        apt_install $PACKAGE
    elif [ $FNRET = 2 ]; then
        warn "$PATTERN is not present in $FILE"
-        add_line_file_before_pattern $FILE "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" "# pam-auth-update(8) for details."
+        add_line_file_before_pattern $FILE "password required pam_pwhistory.so remember=5" "# pam-auth-update(8) for details."
    elif [ $FNRET = 3 ]; then
        crit "$FILE is not exist, please check"
    elif [ $FNRET = 4 ]; then
--- a/bin/hardening/9.2.17_enable_even_deny_root_password.sh
+++ b/bin/hardening/9.2.17_enable_even_deny_root_password.sh
--- a/bin/hardening/9.2.1_enable_retry_cracklib.sh
+++ b/bin/hardening/9.2.1_enable_retry_cracklib.sh
--- a/bin/hardening/9.2.2_enable_minlen_cracklib.sh
+++ b/bin/hardening/9.2.2_enable_minlen_cracklib.sh
--- a/bin/hardening/9.2.3_enable_dcredit_cracklib.sh
+++ b/bin/hardening/9.2.3_enable_dcredit_cracklib.sh
--- a/bin/hardening/9.2.4_enable_ucredit_cracklib.sh
+++ b/bin/hardening/9.2.4_enable_ucredit_cracklib.sh
--- a/bin/hardening/9.2.5_enable_ocredit_cracklib.sh
+++ b/bin/hardening/9.2.5_enable_ocredit_cracklib.sh
--- a/bin/hardening/9.2.6_enable_lcredit_cracklib.sh
+++ b/bin/hardening/9.2.6_enable_lcredit_cracklib.sh
--- a/bin/hardening/9.2.7_enable_difok_cracklib.sh
+++ b/bin/hardening/9.2.7_enable_difok_cracklib.sh
--- a/bin/hardening/9.2.8_enable_minclass_cracklib.sh
+++ b/bin/hardening/9.2.8_enable_minclass_cracklib.sh
--- a/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh
+++ b/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh