tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-23 22:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #765 from Marzal/Marzal-AUTH-9282

Browse Source 
Fix auth-9282
This commit is contained in:
Michael Boelen 2019-09-21 15:49:58 +02:00 committed by GitHub
commit 2c32e8e04d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
include/tests_authentication
View File

@ -738,28 +738,28 @@
# Note : Every Linux based operating system seem to have different passwd # Note : Every Linux based operating system seem to have different passwd
# options, so we have to check the version first. # options, so we have to check the version first.
if [ "${OS}" = "Linux" ]; then if [ "${OS}" = "Linux" ]; then
if [ ${OS_REDHAT_OR_CLONE} -eq 0 ]; then if [ "${OS_REDHAT_OR_CLONE}" -eq 0 ]; then
case ${LINUX_VERSION} in case ${LINUX_VERSION} in
"SuSE") "SuSE")
PREQS_MET="YES" PREQS_MET="YES"
FIND=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }') FIND_P=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
FIND2=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }') FIND2=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
;; ;;
*) *)
PREQS_MET="YES" PREQS_MET="YES"
FIND=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }') FIND_P=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }') FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
;; ;;
esac esac
elif [ ${OS_REDHAT_OR_CLONE} -eq 1 ]; then elif [ "${OS_REDHAT_OR_CLONE}" -eq 1 ]; then
PREQS_MET="YES" PREQS_MET="YES"
FIND=$(for I in $(${AWKBINARY} -F: '{print $1}' ${ROOTDIR}etc/passwd) ; do passwd -S $I | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done) FIND_P=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done)
FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' ${ROOTDIR}etc/passwd) ; do passwd -S $I | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done) FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done)
else else
LogText "Result: skipping test for this Linux version" LogText "Result: skipping test for this Linux version"
ReportManual "AUTH-9282:01" ReportManual "AUTH-9282:01"
PREQS_MET="NO" PREQS_MET="NO"
FIND="" FIND_P=""
FIND2="" FIND2=""
fi fi
else else
@ -769,18 +769,18 @@
# Test : AUTH-9282 # Test : AUTH-9282
# Description : Search password protected accounts without expire (Linux) # Description : Search password protected accounts without expire (Linux)
Register --test-no AUTH-9282 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking password protected account without expire date" Register --test-no AUTH-9282 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking password protected account without expire date"
if [ ${SKIPTEST} -eq 0 ]; then if [ "${SKIPTEST}" -eq 0 ]; then
LogText "Test: Checking Linux version and password expire date status" LogText "Test: Checking Linux version and password expire date status"
if [ -z "${FIND}" ]; then if [ -z "${FIND_P}" ]; then
LogText "Result: all accounts seem to have an expire date" LogText "Result: all accounts seem to have an expire date"
Display --indent 2 --text "- Accounts without expire date" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Accounts without expire date" --result "${STATUS_OK}" --color GREEN
else else
LogText "Result: found one or more accounts with expire date set" LogText "Result: found one or more accounts without expire date set"
for I in ${FIND}; do for I in ${FIND_P}; do
LogText "Account without expire date: ${I}" LogText "Account without expire date: ${I}"
done done
Display --indent 2 --text "- Accounts without expire date" --result "${STATUS_SUGGESTION}" --color YELLOW Display --indent 2 --text "- Accounts without expire date" --result "${STATUS_SUGGESTION}" --color YELLOW
ReportSuggestion ${TEST_NO} "When possible set expire dates for all password protected accounts" ReportSuggestion "${TEST_NO}" "When possible set expire dates for all password protected accounts"
fi fi
fi fi
# #
@ -789,7 +789,7 @@
# Test : AUTH-9283 # Test : AUTH-9283
# Description : Search passwordless accounts # Description : Search passwordless accounts
Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password" Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password"
if [ ${SKIPTEST} -eq 0 ]; then if [ "${SKIPTEST}" -eq 0 ]; then
LogText "Test: Checking passwordless accounts" LogText "Test: Checking passwordless accounts"
if [ -z "${FIND2}" ]; then if [ -z "${FIND2}" ]; then
LogText "Result: all accounts seem to have a password" LogText "Result: all accounts seem to have a password"
@ -801,7 +801,7 @@
Report "account_without_password=${I}" Report "account_without_password=${I}"
done done
Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "Found accounts without password" ReportWarning "${TEST_NO}" "Found accounts without password"
fi fi
fi fi
# #