diff --git a/bin/hardening/10.1.1_set_password_exp_days.sh b/bin/hardening/10.1.1_set_password_exp_days.sh
index ea1a3a1..ec83a51 100755
--- a/bin/hardening/10.1.1_set_password_exp_days.sh
+++ b/bin/hardening/10.1.1_set_password_exp_days.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9 or CentOS8 Hardening
 #
 #
@@ -14,45 +14,31 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=3
-PACKAGE='login'
 OPTIONS='PASS_MAX_DAYS=90'
 FILE='/etc/login.defs'
 SHA_FILE='/etc/shadow'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
- is_pkg_installed $PACKAGE
- if [ $FNRET != 0 ]; then
- crit "$PACKAGE is not installed!"
- else
- ok "$PACKAGE is installed"
- SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1)
- SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)
- PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
- does_pattern_exist_in_file $FILE "$PATTERN"
- if [ $FNRET = 0 ]; then
- ok "$PATTERN is present in $FILE"
- else
- crit "$PATTERN is not present in $FILE"
- fi
+ SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1)
+ SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)
+ PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
+ does_pattern_exist_in_file $FILE "$PATTERN"
+ if [ $FNRET = 0 ]; then
+ ok "$PATTERN is present in $FILE"
+ else
+ crit "$PATTERN is not present in $FILE"
+ fi
- if [ $(egrep ^[^:]+:[^\!*] $SHA_FILE | awk -F: '$5 > "'$SSH_VALUE'" {print $1}' | wc -l) -gt 0 ]; then
- crit "Have least user's maxinum password lifttime is greater than $SSH_VALUE day"
- else
- ok "All user's maxinum password lifttime is equal or less than $SSH_VALUE day"
- fi
- fi
+ if [ $(egrep ^[^:]+:[^\!*] $SHA_FILE | awk -F: '$5 > "'$SSH_VALUE'" {print $1}' | wc -l) -gt 0 ]; then
+ crit "Have least user's maxinum password lifttime is greater than $SSH_VALUE day"
+ else
+ ok "All user's maxinum password lifttime is equal or less than $SSH_VALUE day"
+ fi
 }
 # This function will be called if the script status is on enabled mode
 apply () {
- is_pkg_installed $PACKAGE
- if [ $FNRET = 0 ]; then
- ok "$PACKAGE is installed"
- else
- crit "$PACKAGE is absent, installing it"
- install_package $PACKAGE
- fi
 SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1)
 SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)
 PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
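Review bot: The re-added shadow check in audit() still compares field 5 against a quoted awk string (`'$5 > "'$SSH_VALUE'"'`), so awk compares as strings and a maximum age such as 365 or 100 sorts below "90" and is reported as compliant; an account with an empty field 5 (no maximum age at all) passes too. Passing the limit in as a number covers both cases, e.g. `awk -F: -v max="$SSH_VALUE" '$5 == "" || $5+0 > max+0 {print $1}'`. Separately, `PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"` has no trailing anchor, so a line like `PASS_MAX_DAYS 900` satisfies the login.defs audit; `PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE[[:space:]]*\$"` would pin the value, assuming does_pattern_exist_in_file passes the pattern to grep unchanged (its definition is not in this hunk). apply() continues past the end of the hunk, so check whether the same unanchored pattern decides whether the file gets rewritten there.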