tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add AUTH-9234 for NetBSD

This commit is contained in:
Brian Ginsbach 2020-03-19 16:38:37 -05:00
parent f342669777
commit 044c78452b
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
include/tests_authentication
View File

@ -331,7 +331,7 @@
# Notes : AIX: 100+ # Notes : AIX: 100+
# HPUX: 100+ # HPUX: 100+
# macOS doesn't have any user info in /etc/passwd, users are managed with opendirectoryd) # macOS doesn't have any user info in /etc/passwd, users are managed with opendirectoryd)
# OpenBSD/NetBSD: unknown # OpenBSD/NetBSD: 1000-60000, excluding 32767 (default)
# Arch Linux / CentOS / Ubuntu: 1000+ # Arch Linux / CentOS / Ubuntu: 1000+
Register --test-no AUTH-9234 --weight L --network NO --category security --description "Query user accounts" Register --test-no AUTH-9234 --weight L --network NO --category security --description "Query user accounts"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
@ -373,6 +373,23 @@
fi fi
;; ;;
"NetBSD")
if [ -f ${ROOTDIR}etc/usermgmt.conf ]; then
UID_RANGE=$(${GREPBINARY} "^range" ${ROOTDIR}etc/usermgmt.conf | ${AWKBINARY} '{ sub(/\.\./, "-", $2); print $2 }')
fi
if [ -n "${UID_RANGE}" ]; then
LogText "Result: found configured user id range specified: ${UID_RANGE}"
UID_MIN=$(echo $UID_RANGE | ${AWKBINARY} -F- '{ print $1 }')
UID_MAX=$(echo $UID_RANGE | ${AWKBINARY} -F- '{ print $2 }')
else
UID_MIN=1000
UID_MAX=60000
LogText "Result: no configured user id range specified; using default ${UID_MIN}-${UID_MAX}"
fi
LogText "NetBSD real users output (ID = 0, or ${UID_MIN}-${UID_MAX}, but not 32767):"
FIND=$(${AWKBINARY} -v UID_MIN="${UID_MIN}" -v UID_MAX="${UID_MAX}" -F: '($3 >= UID_MIN && $3 <= UID_MAX && $3 != 32767) || ($3 == 0) { print $1","$3 }' /etc/passwd)
;;
"OpenBSD") "OpenBSD")
LogText "OpenBSD real users output (ID = 0, or 1000-60000, but not 32767):" LogText "OpenBSD real users output (ID = 0, or 1000-60000, but not 32767):"
FIND=$(${AWKBINARY} -F: '($3 >= 1000 && $3 <= 60000 && $3 != 32767) || ($3 == 0) { print $1","$3 }' /etc/passwd) FIND=$(${AWKBINARY} -F: '($3 >= 1000 && $3 <= 60000 && $3 != 32767) || ($3 == 0) { print $1","$3 }' /etc/passwd)