From a28c55758c54ba56907583743a7a59d9c091f100 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Mon, 10 Sep 2018 03:12:27 +0800
Subject: [PATCH] Add reset_option_to_password_check method to reset option value when option value is not correct.
---
 bin/hardening/9.2.1_enable_cracklib.sh | 4 ++--
 lib/utils.sh | 25 +++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/bin/hardening/9.2.1_enable_cracklib.sh b/bin/hardening/9.2.1_enable_cracklib.sh
index 1925d65..8d9f2d5 100755
--- a/bin/hardening/9.2.1_enable_cracklib.sh
+++ b/bin/hardening/9.2.1_enable_cracklib.sh
@@ -91,8 +91,8 @@ apply () {
 crit "$OPTION_RETRY is not conf"
 add_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY=$RETRY_CONDT"
 elif [ $FNRET = 5 ]; then
- crit "$OPTION_RETRY set is not match legally, reset it to $RETRT_CONDT"
-
+ crit "$OPTION_RETRY set is not match legally, reset it to $RETRY_CONDT"
+ reset_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY" "$RETRY_CONDT"
 fi
 }
diff --git a/lib/utils.sh b/lib/utils.sh
index 9604b66..ee33089 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -481,7 +481,8 @@ check_password_by_pam()
 # Add password check option
-add_option_to_password_check() {
+add_option_to_password_check()
+{
 #Example:
 #local PAMPWDFILE="/etc/pam.d/common-password"
 #local KEYWORD="pam_cracklib.so"
@@ -490,7 +491,7 @@ add_option_to_password_check() {
 local PAMPWDFILE=$1
 local KEYWORD=$2
 local OPTIONSTR=$3
- debug "Setting $OPTION for $KEYWORD"
+ debug "Setting $OPTIONSTR for $KEYWORD"
 backup_file "$PAMPWDFILE"
 # For example :
 # password requisite pam_cracklib.so minlen=8 difok=3
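Review bot: The new call in the `FNRET = 5` branch of apply() in bin/hardening/9.2.1_enable_cracklib.sh passes `$FILE` and `$PAMLIBNAME` unquoted, so a path or module name containing whitespace or glob characters would be split or expanded before it reaches the helper. Writing it as `reset_option_to_password_check "$FILE" "$PAMLIBNAME" "$OPTION_RETRY" "$RETRY_CONDT"` keeps all four arguments intact. The neighbouring add_option_to_password_check call has the same form and could be quoted in the same pass. apply() begins above this hunk, so how FNRET is set is not visible here.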
@@ -498,3 +499,23 @@ add_option_to_password_check() {
 sed -ie "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" $PAMPWDFILE
 }
+# Reset password check option value when option is not set a correct value
+reset_option_to_password_check()
+{
+ #Example:
+ #local PAMPWDFILE="/etc/pam.d/common-password"
+ #local KEYWORD="pam_cracklib.so"
+ #local OPTIONNAME="retry"
+ #local OPTIONVAL="3"
+ set -x
+ local PAMPWDFILE=$1
+ local KEYWORD=$2
+ local OPTIONNAME=$3
+ local OPTIONVAL=$4
+ debug "Setting $OPTION for $KEYWORD reset option value to $OPTIONVAL"
+ backup_file "$PAMPWDFILE"
+ # For example :
+ # password requisite pam_cracklib.so minlen=8 difok=3 retry=1
+ # password requisite pam_cracklib.so minlen=8 difok=3 retry=3
+ sed -ie "s/${OPTIONNAME}=./${OPTIONNAME}=${OPTIONVAL}/" $PAMPWDFILE
+}
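Review bot: The substitution in the new reset_option_to_password_check replaces only one character after `=` and is not limited to the `$KEYWORD` line, so with the example arguments `retry=10` would become `retry=30`, and every line of the PAM file containing `retry=` is rewritten while `KEYWORD` goes unused. Scoping and widening the match would fix both: `sed -i -e "/^password.*${KEYWORD}/s/${OPTIONNAME}=[^[:space:]]*/${OPTIONNAME}=${OPTIONVAL}/" "$PAMPWDFILE"`; writing `-i -e` separately also avoids GNU sed reading `-ie` as in-place editing with backup suffix `e`, which leaves a stray `${PAMPWDFILE}e` copy next to the PAM file. The `set -x` line looks like leftover debugging; it is not function-local, so tracing stays on for the rest of the hardening run and should be dropped. The debug message still expands `$OPTION`, which this function never sets (the same slip this commit fixes in add_option_to_password_check); `$OPTIONNAME` is presumably what was meant.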