From b836cabdba93e70470405340c4ec7ccde1feb1cd Mon Sep 17 00:00:00 2001 From: Samson-W Date: Sat, 8 Sep 2018 22:29:10 +0800 Subject: [PATCH] Modify audit and apply methods for 9.2.1
---
 bin/hardening/9.2.1_enable_cracklib.sh | 45 ++++++++++++++------------
 1 file changed, 25 insertions(+), 20 deletions(-)
diff --git a/bin/hardening/9.2.1_enable_cracklib.sh b/bin/hardening/9.2.1_enable_cracklib.sh
index 115c530..9b6627a 100755
--- a/bin/hardening/9.2.1_enable_cracklib.sh
+++ b/bin/hardening/9.2.1_enable_cracklib.sh
@@ -46,46 +46,51 @@ audit () {
 is_pkg_installed $PACKAGE
 if [ $FNRET != 0 ]; then
 crit "$PACKAGE is not installed!"
+ FNRET=1
 else
 ok "$PACKAGE is installed"
 does_pattern_exist_in_file $FILE $PATTERN
 if [ $FNRET = 0 ]; then
- ok "$PATTERN is present in $FILE"
- check_password_by_pam $OPTION_DCREDIT gt $DCREDIT_CONDT
- if [ $FNRET = 0 ]; then
- ok "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
- else
- cirt "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
- FNRET=1
- fi
 #ok "$PATTERN is present in $FILE"
- #check_password_by_pam $OPTION_RETRY gt $RETRY_CONDT
+ #check_password_by_pam $OPTION_DCREDIT gt $DCREDIT_CONDT
 #if [ $FNRET = 0 ]; then
- # ok "$OPTION_RETRY set condition is $RETRY_CONDT"
+ # ok "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
 #else
- # crit "$OPTION_RETRY set condition is $RETRY_CONDT"
- FNRET=1
+ # crit "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
+ # FNRET=1
+ #fi
+ ok "$PATTERN is present in $FILE"
+ check_password_by_pam $OPTION_RETRY eq $RETRY_CONDT
+ if [ $FNRET = 0 ]; then
+ ok "$OPTION_RETRY set condition is $RETRY_CONDT"
+ else
+ crit "$OPTION_RETRY set condition is $RETRY_CONDT"
+ #FNRET=3
+ fi
 else
 crit "$PATTERN is not present in $FILE"
+ FNRET=2
 fi
 fi
 }
 # This function will be called if the script status is on enabled mode
 apply () {
- is_pkg_installed $PACKAGE
+# is_pkg_installed $PACKAGE
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
- else
+ elif [ $FNRET = 1 ]; then
 crit "$PACKAGE is absent, installing it"
 apt_install $PACKAGE
- fi
- does_pattern_exist_in_file $FILE $PATTERN
- if [ $FNRET = 0 ]; then
- ok "$PATTERN is present in $FILE"
- else
- crit "$PATTERN is not present in $FILE"
+ elif [ $FNRET = 2 ]; then
+ crit "$PATTERN is not present in $FILE, add default config to $FILE"
 add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ elif [ $FNRET = 3 ]; then
+ crit "$OPTION_RETRY set is not match legally, reset it 3"
+ elif [ $FNRET = 4 ]; then
+ crit "$OPTION_RETRY set is not match legally, reset it 4"
+ elif [ $FNRET = 5 ]; then
+ crit "$OPTION_RETRY set is not match legally, reset it 5"
 fi
 }
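Review bot: The three new `elif [ $FNRET = 3 ]`/`4`/`5` branches at the end of apply() only emit `crit "$OPTION_RETRY set is not match legally, reset it N"` and change nothing, so a wrong retry value found by audit() is logged as if remediated while the pam_cracklib line is left untouched. Whether those codes are ever produced is also unclear: audit() comments out `#FNRET=3` after a failing `check_password_by_pam $OPTION_RETRY eq $RETRY_CONDT`, so the value apply() sees is whatever that helper leaves in FNRET, which is not visible in this hunk. Because apply() no longer re-runs `is_pkg_installed`/`does_pattern_exist_in_file` and branches on the single FNRET value left by audit(), one run fixes at most one finding: after `apt_install $PACKAGE` on a host that also lacks the line, the `FNRET = 2` branch is only reached on the next run, and that branch hard-codes `retry=3` while audit() compares against `$RETRY_CONDT`, so the two disagree whenever that constant is not 3. I would collapse 3–5 into one branch that actually rewrites the option, e.g. `sed -i -E "s/(pam_cracklib\.so.*$OPTION_RETRY=)[0-9]+/\1$RETRY_CONDT/" "$FILE"` (assuming `$OPTION_RETRY` holds the literal option name), and set FNRET explicitly in audit() so apply() is driven by a known code. audit()'s opening line lies just above this hunk.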