diff --git a/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh b/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
index 65c3ae5..76fc3c2 100755
--- a/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
+++ b/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
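Review bot: The new `crit` text in audit_debian sits in a bare `else`, so "greater than $CONDT_VAL" is printed for every non-zero FNRET that check_param_pair_by_pam can return, whereas audit_redhat in the same file reports FNRET 1, 2 and 3 separately. If the helper also returns non-zero when the option is absent from the pam_cracklib line (its body is not on this page), the audit log would misstate why the password-quality check failed. A wording that holds in either case is `crit "$OPTIONNAME is missing or greater than $CONDT_VAL"`, or the branch can test the specific return code as audit_redhat does. The same applies to the audit hunk of 9.2.1 and the audit_debian hunks of 9.2.2 through 9.2.9 (with "less than" where the comparison is `ge`); audit_debian begins and ends outside this hunk.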
@@ -80,27 +80,27 @@ apply_debian () {
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
- crit "$PACKAGE is absent, installing it"
+ warn "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
- crit "$PATTERN is not present in $FILE, add default config to $FILE"
+ warn "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
- crit "$OPTIONNAME is not conf"
+ warn "$OPTIONNAME is not conf"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
 elif [ $FNRET = 5 ]; then
- crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
+ warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
 reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
 fi
 }
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
+ warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
 elif [ $FNRET = 2 ]; then
 warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
diff --git a/bin/hardening/9.2.1_pam_retry_cracklib.sh b/bin/hardening/9.2.1_pam_retry_cracklib.sh
index 267eb13..d389fba 100755
--- a/bin/hardening/9.2.1_pam_retry_cracklib.sh
+++ b/bin/hardening/9.2.1_pam_retry_cracklib.sh
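Review bot: The four apply_debian branches switched from `crit` to `warn` each call a remediation helper (apt_install, add_line_file_before_pattern, add_option_to_password_check, reset_option_to_password_check) whose outcome is never checked in the visible lines. With the severity lowered, a failed change to the PAM password stack would presumably leave only a warning in the run log. Consider testing the helper's status after each call, for example `apt_install $PACKAGE || crit "$PACKAGE could not be installed"`, assuming the helpers return non-zero on failure (their bodies are not on this page). The same severity change is made in the apply_debian hunks of 9.2.2, 9.2.6, 9.2.7, 9.2.8 and 9.2.9; apply_debian begins outside this hunk.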
@@ -49,9 +49,9 @@ audit () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
diff --git a/bin/hardening/9.2.2_pam_minlen_cracklib.sh b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
index 2d2d13b..61e3e71 100755
--- a/bin/hardening/9.2.2_pam_minlen_cracklib.sh
+++ b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is less than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -80,25 +80,25 @@ apply_debian () {
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
- crit "$PACKAGE is absent, installing it"
+ warn "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
- crit "$PATTERN is not present in $FILE, add default config to $FILE"
+ warn "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
- crit "$OPTIONNAME is not conf"
+ warn "$OPTIONNAME is not conf, reset"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
 elif [ $FNRET = 5 ]; then
- crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
+ warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
 reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
 fi
 }
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
 warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
diff --git a/bin/hardening/9.2.3_pam_dcredit_cracklib.sh b/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
index 1e7abdb..cd67fd5 100755
--- a/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
+++ b/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
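Review bot: The FNRET = 4 message in this hunk, `warn "$OPTIONNAME is not conf, reset"`, differs from the other five apply_debian hunks in this commit and says "reset" although the branch calls add_option_to_password_check. Use `warn "$OPTIONNAME is not conf"` as in the sibling scripts so that one log search finds every occurrence. In apply_redhat the FNRET = 1 line still reads "Set option" here and in 9.2.3 and 9.2.4, while the other scripts now say "Reset option"; one wording should be used for all. Both functions extend beyond the hunk.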
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is not set greater than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -98,7 +98,7 @@ apply_debian () {
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
 warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
diff --git a/bin/hardening/9.2.4_pam_ucredit_cracklib.sh b/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
index 59eed23..a1429b9 100755
--- a/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
+++ b/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
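Review bot: The new FNRET = 1 message in audit_redhat reads "set condition is not set greater than $CONDT_VAL", which keeps the old "not set" and can be read as the opposite of the failure it reports. The sibling scripts in this commit use `crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"`; the same line should be used here so the audit output for this option is unambiguous. audit_redhat continues past the end of the hunk.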
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -99,7 +99,7 @@ apply_debian () {
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
 warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
diff --git a/bin/hardening/9.2.5_pam_ocredit_cracklib.sh b/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
index 1f9124d..b845520 100755
--- a/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
+++ b/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -98,9 +98,9 @@ apply_debian () {
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
+ warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
 elif [ $FNRET = 2 ]; then
 warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
diff --git a/bin/hardening/9.2.6_pam_lcredit_cracklib.sh b/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
index 91ccf42..b7f0962 100755
--- a/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
+++ b/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -80,27 +80,27 @@ apply_debian () {
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
- crit "$PACKAGE is absent, installing it"
+ warn "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
- crit "$PATTERN is not present in $FILE, add default config to $FILE"
+ warn "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
- crit "$OPTIONNAME is not conf"
+ warn "$OPTIONNAME is not conf"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
 elif [ $FNRET = 5 ]; then
- crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
+ warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
 reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
 fi
 }
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
+ warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
 elif [ $FNRET = 2 ]; then
 warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
diff --git a/bin/hardening/9.2.7_pam_difok_cracklib.sh b/bin/hardening/9.2.7_pam_difok_cracklib.sh
index 8f82b18..4f5bda3 100755
--- a/bin/hardening/9.2.7_pam_difok_cracklib.sh
+++ b/bin/hardening/9.2.7_pam_difok_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is less than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -80,27 +80,27 @@ apply_debian () {
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
- crit "$PACKAGE is absent, installing it"
+ warn "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
- crit "$PATTERN is not present in $FILE, add default config to $FILE"
+ warn "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
- crit "$OPTIONNAME is not conf"
+ warn "$OPTIONNAME is not conf"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
 elif [ $FNRET = 5 ]; then
- crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
+ warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
 reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
 fi
 }
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
+ warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
 elif [ $FNRET = 2 ]; then
 warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
diff --git a/bin/hardening/9.2.8_pam_minclass_cracklib.sh b/bin/hardening/9.2.8_pam_minclass_cracklib.sh
index 7302373..6472e2a 100755
--- a/bin/hardening/9.2.8_pam_minclass_cracklib.sh
+++ b/bin/hardening/9.2.8_pam_minclass_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is less than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -80,27 +80,27 @@ apply_debian () {
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
- crit "$PACKAGE is absent, installing it"
+ warn "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
- crit "$PATTERN is not present in $FILE, add default config to $FILE"
+ warn "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
- crit "$OPTIONNAME is not conf"
+ warn "$OPTIONNAME is not conf"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
 elif [ $FNRET = 5 ]; then
- crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
+ warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
 reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
 fi
 }
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
+ warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
 elif [ $FNRET = 2 ]; then
 warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
diff --git a/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh b/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
index 9fba742..e4d0ece 100755
--- a/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
+++ b/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
@@ -39,9 +39,9 @@ audit_debian () {
 ok "$PATTERN is present in $FILE"
 check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
 else
- crit "$OPTIONNAME set condition is $CONDT_VAL"
+ crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
 #FNRET=3
 fi
 else
@@ -54,9 +54,9 @@ audit_debian () {
 audit_redhat () {
 check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
 if [ $FNRET = 0 ]; then
- ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
+ crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 2 ]; then
 crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
 elif [ $FNRET = 3 ]; then
@@ -80,27 +80,27 @@ apply_debian () {
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
- crit "$PACKAGE is absent, installing it"
+ warn "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
- crit "$PATTERN is not present in $FILE, add default config to $FILE"
+ warn "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
- crit "$OPTIONNAME is not conf"
+ warn "$OPTIONNAME is not conf"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
 elif [ $FNRET = 5 ]; then
- crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
+ warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
 reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
 fi
 }
 apply_redhat () {
 if [ $FNRET = 0 ]; then
- ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
+ ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
 elif [ $FNRET = 1 ]; then
- warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
+ warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
 replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
 elif [ $FNRET = 2 ]; then
 warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"