Add add_option_to_password_check method to set no seted option to pampassword config

Samson-W 2018-09-09 23:13:16 +08:00
parent b836cabdba
commit a7e5614b75
2 changed files with 25 additions and 4 deletions


@ -14,7 +14,7 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=2
PACKAGE='libpam-cracklib'
PAMLIBNAME='libpam-cracklib.so'
PAMLIBNAME='pam_cracklib.so'
PATTERN='^password.*pam_cracklib.so'
FILE='/etc/pam.d/common-password'
@ -86,11 +86,13 @@ apply () {
crit "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$OPTION_RETRY set is not match legally, reset it 3"
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTION_RETRY set is not match legally, reset it 4"
crit "$OPTION_RETRY is not conf"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTION_RETRY=$RETRY_CONDT"
elif [ $FNRET = 5 ]; then
crit "$OPTION_RETRY set is not match legally, reset it 5"
crit "$OPTION_RETRY set is not match legally, reset it to $RETRT_CONDT"
fi
}
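Review bot: The new message in the `FNRET = 5` branch expands `$RETRT_CONDT`, while the branch above passes `$RETRY_CONDT` to `add_option_to_password_check`, so this looks like a typo. The script runs under `set -u` (shown in the first hunk header), so unless `RETRT_CONDT` is defined elsewhere, `apply` would abort exactly when the retry value is non-compliant and leave the weak PAM setting in place. The line should read `crit "$OPTION_RETRY set is not match legally, reset it to $RETRY_CONDT"`. This branch also only logs: nothing visible here rewrites the value, so either perform the reset or do not claim it in the message. `apply` begins outside the hunk.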


@ -479,3 +479,22 @@ check_password_by_pam()
fi
}
# Add password check option
add_option_to_password_check() {
#Example:
#local PAMPWDFILE="/etc/pam.d/common-password"
#local KEYWORD="pam_cracklib.so"
#local OPTIONSTR="retry=3"
set -x
local PAMPWDFILE=$1
local KEYWORD=$2
local OPTIONSTR=$3
debug "Setting $OPTION for $KEYWORD"
backup_file "$PAMPWDFILE"
# For example :
# password requisite pam_cracklib.so minlen=8 difok=3
# password requisite pam_cracklib.so minlen=8 difok=3 retry=3
sed -ie "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" $PAMPWDFILE
}
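Review bot: `add_option_to_password_check` leaves `set -x` enabled and logs `$OPTION`, which is not a local of this function (the argument is stored in `OPTIONSTR`). Under a caller's `set -u` the `debug` line would abort before `sed` edits the PAM file, and the trace stays on for the rest of the run. Drop `set -x` and use `debug "Setting $OPTIONSTR for $KEYWORD"`. With GNU sed, `-ie` is parsed as `-i` with backup suffix `e`, so a stray copy with a trailing `e` is left next to the PAM file; `sed -i -e "s;\(^password.*$KEYWORD.*\);\1 $OPTIONSTR;" "$PAMPWDFILE"` avoids that and quotes the path. The substitution also appends to every matching line on each run, so skipping lines that already contain the option would keep the edit idempotent.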