From a635b7d4a98f648dd80e4e0d6428bce4dbbf2de4 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Tue, 20 Aug 2019 01:34:34 +0800
Subject: [PATCH] Modify 9.2.1 to be compatible with CentOS.
---
 bin/hardening/9.2.1_pam_retry_cracklib.sh | 26 +++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/bin/hardening/9.2.1_pam_retry_cracklib.sh b/bin/hardening/9.2.1_pam_retry_cracklib.sh
index d3ba24d..267eb13 100755
--- a/bin/hardening/9.2.1_pam_retry_cracklib.sh
+++ b/bin/hardening/9.2.1_pam_retry_cracklib.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
@@ -19,6 +19,12 @@ PAMLIBNAME='pam_cracklib.so'
 PATTERN='^password.*pam_cracklib.so'
 FILE='/etc/pam.d/common-password'
+# Redhat/CentOS default use pam_pwquality
+PACKAGE_REDHAT='libpwquality'
+PAMLIBNAME_REDHAT='pam_pwquality.so'
+PATTERN_REDHAT='^password.*pam_pwquality.so'
+FILE_REDHAT='/etc/pam.d/system-auth'
+
 OPTIONNAME='retry'
 # condition
@@ -26,6 +32,12 @@ CONDT_VAL=3
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+ if [ $OS_RELEASE -eq 2 ]; then
+ PACKAGE=$PACKAGE_REDHAT
+ PAMLIBNAME=$PAMLIBNAME_REDHAT
+ PATTERN=$PATTERN_REDHAT
+ FILE=$FILE_REDHAT
+ fi
 is_pkg_installed $PACKAGE
 if [ $FNRET != 0 ]; then
 crit "$PACKAGE is not installed!"
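Review bot: The new `if [ $OS_RELEASE -eq 2 ]; then` at the top of audit() expands `$OS_RELEASE` unquoted, so an empty value makes the test itself error out and the script continues with the Debian package, module and file on a CentOS host. OS_RELEASE is set outside this diff, so how it can end up empty is not visible here. Quoting it, `if [ "$OS_RELEASE" -eq 2 ]; then`, at least keeps the test well-formed, and a comment such as `# OS_RELEASE=2 means Red Hat/CentOS` would explain the bare 2. The same five-line block is copied into apply() in the next hunk, and a small helper called from both would keep the two copies from drifting. audit() continues past the end of the hunk.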
@@ -51,11 +63,21 @@ audit () {
 # This function will be called if the script status is on enabled mode
 apply () {
+ if [ $OS_RELEASE -eq 2 ]; then
+ PACKAGE=$PACKAGE_REDHAT
+ PAMLIBNAME=$PAMLIBNAME_REDHAT
+ PATTERN=$PATTERN_REDHAT
+ FILE=$FILE_REDHAT
+ fi
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 elif [ $FNRET = 1 ]; then
 crit "$PACKAGE is absent, installing it"
- apt_install $PACKAGE
+ if [ $OS_RELEASE -eq 2 ]; then
+ yum install -y $PACKAGE
+ else
+ apt_install $PACKAGE
+ fi
 elif [ $FNRET = 2 ]; then
 crit "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
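Review bot: The unchanged `add_line_file_before_pattern` call at the end of this hunk still inserts a hard-coded `pam_cracklib.so` line before the `# pam-auth-update(8) for details.` marker, even though the new block at the top of apply() has switched PAMLIBNAME and FILE to the pam_pwquality and `/etc/pam.d/system-auth` values. On CentOS that would write a cracklib entry into system-auth, or nothing at all if the Debian marker is absent there (the helper is not visible, so this is inferred), leaving the retry limit unenforced while the fix appears applied. Build the line from the variable, e.g. `"password requisite $PAMLIBNAME retry=3 minlen=8 difok=3"`, and choose an anchor that exists in the Red Hat file. The new `yum install -y $PACKAGE` should also be quoted and checked, `yum install -y "$PACKAGE" || crit "$PACKAGE installation failed"`. apply() continues past the end of the hunk.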