mirror of
https://github.com/hardenedlinux/harbian-audit.git
synced 2025-07-31 01:24:58 +02:00
Add reset_option_to_password_check method to reset option value when option value is not correct.
parent
a7e5614b75
commit
a28c55758c
@ -91,8 +91,8 @@ apply () {
|
|||||||
crit "$OPTION_RETRY is not conf"
|
crit "$OPTION_RETRY is not conf"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY=$RETRY_CONDT"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY=$RETRY_CONDT"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTION_RETRY set is not match legally, reset it to $RETRT_CONDT"
|
crit "$OPTION_RETRY set is not match legally, reset it to $RETRY_CONDT"
|
||||||
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY" "$RETRY_CONDT"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
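--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -481,7 +481,8 @@ check_password_by_pam()
 
 
 # Add password check option
-add_option_to_password_check() {
+add_option_to_password_check()
+{
 #Example:
 #local PAMPWDFILE="/etc/pam.d/common-password"
 #local KEYWORD="pam_cracklib.so"
@@ -490,7 +491,7 @@ add_option_to_password_check() {
 local PAMPWDFILE=$1
 local KEYWORD=$2
 local OPTIONSTR=$3
-debug "Setting $OPTION for $KEYWORD"
+debug "Setting $OPTIONSTR for $KEYWORD"
 backup_file "$PAMPWDFILE"
 # For example :
 # password requisite pam_cracklib.so minlen=8 difok=3
@@ -498,3 +499,23 @@ add_option_to_password_check() {
 sed -ie "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" $PAMPWDFILE
 }
 
+# Reset password check option value when option is not set a correct value
+reset_option_to_password_check()
+{
+#Example:
+#local PAMPWDFILE="/etc/pam.d/common-password"
+#local KEYWORD="pam_cracklib.so"
+#local OPTIONNAME="retry"
+#local OPTIONVAL="3"
+set -x
+local PAMPWDFILE=$1
+local KEYWORD=$2
+local OPTIONNAME=$3
+local OPTIONVAL=$4
+debug "Setting $OPTION for $KEYWORD reset option value to $OPTIONVAL"
+backup_file "$PAMPWDFILE"
+# For example :
+# password requisite pam_cracklib.so minlen=8 difok=3 retry=1
+# password requisite pam_cracklib.so minlen=8 difok=3 retry=3
+sed -ie "s/${OPTIONNAME}=./${OPTIONNAME}=${OPTIONVAL}/" $PAMPWDFILE
+}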
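Review bot: The sed in the new reset_option_to_password_check matches `${OPTIONNAME}=.`, exactly one character after the `=`, and is not limited to the `password … $KEYWORD` line, so with the example option a value like `retry=10` would end up as `retry=30` and the first `retry=` on any line of the PAM file is rewritten; something like `sed -i -e "/^password.*$KEYWORD/s/${OPTIONNAME}=[^[:space:]]*/${OPTIONNAME}=${OPTIONVAL}/" "$PAMPWDFILE"` keeps the edit on the intended line and replaces the whole value. The `set -x` at the top of the function looks like leftover debugging: it is never switched off, so if this library is sourced (as its path suggests) tracing stays enabled for the rest of the run and every expanded command is written to stderr; I would drop it. The `debug` line prints `$OPTION`, which is not one of this function's locals (the same slip this commit corrects in add_option_to_password_check) and should read `$OPTIONNAME`. Separately, GNU sed parses `-ie` as `-i` with backup suffix `e`, which would leave a stray copy of the file with an `e` appended next to the original in the PAM directory.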