Add reset_option_to_password_check method to reset option value when option value is not correct.

2025-07-30 17:15:45 +02:00 · 2018-09-10 03:12:27 +08:00 · 2018-09-10 03:12:27 +08:00 · a28c55758c
commit a28c55758c
parent a7e5614b75
2 changed files with 25 additions and 4 deletions
--- a/bin/hardening/9.2.1_enable_cracklib.sh
+++ b/bin/hardening/9.2.1_enable_cracklib.sh
@ -91,8 +91,8 @@ apply () {
        crit "$OPTION_RETRY is not conf"
        add_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY=$RETRY_CONDT"
    elif [ $FNRET = 5 ]; then
-        crit "$OPTION_RETRY set is not match legally, reset it to $RETRT_CONDT"
-
+        crit "$OPTION_RETRY set is not match legally, reset it to $RETRY_CONDT"
+        reset_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY" "$RETRY_CONDT"
    fi 
 }

--- a/lib/utils.sh
+++ b/lib/utils.sh
@ -481,7 +481,8 @@ check_password_by_pam()


 # Add password check option 
-add_option_to_password_check() {
+add_option_to_password_check() 
+{
    #Example:
    #local PAMPWDFILE="/etc/pam.d/common-password"
    #local KEYWORD="pam_cracklib.so"
@ -490,7 +491,7 @@ add_option_to_password_check() {
    local PAMPWDFILE=$1
    local KEYWORD=$2
    local OPTIONSTR=$3
-    debug "Setting $OPTION for $KEYWORD"
+    debug "Setting $OPTIONSTR for $KEYWORD"
    backup_file "$PAMPWDFILE"
    # For example : 
    # password  requisite           pam_cracklib.so  minlen=8 difok=3
@ -498,3 +499,23 @@ add_option_to_password_check() {
    sed -ie "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" $PAMPWDFILE  
 }

+# Reset password check option value when option is not set a correct value 
+reset_option_to_password_check()
+{
+    #Example:
+    #local PAMPWDFILE="/etc/pam.d/common-password"
+    #local KEYWORD="pam_cracklib.so"
+    #local OPTIONNAME="retry"
+    #local OPTIONVAL="3"
+    set -x
+    local PAMPWDFILE=$1
+    local KEYWORD=$2
+    local OPTIONNAME=$3
+    local OPTIONVAL=$4
+    debug "Setting $OPTION for $KEYWORD reset option value to $OPTIONVAL"
+    backup_file "$PAMPWDFILE"
+    # For example : 
+    # password  requisite           pam_cracklib.so  minlen=8 difok=3 retry=1
+    # password  requisite           pam_cracklib.so  minlen=8 difok=3 retry=3
+    sed -ie "s/${OPTIONNAME}=./${OPTIONNAME}=${OPTIONVAL}/" $PAMPWDFILE
+}