Added PLGN-0008 to parse /etc/security/pwquality.conf

2017-03-01 16:28:05 +01:00 · 2017-03-01 16:28:05 +01:00 · 2c56651698
parent 295fe93ca6
commit 2c56651698
1 changed files with 45 additions and 4 deletions
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@ -6,21 +6,62 @@
 #-----------------------------------------------------
 # PLUGIN_AUTHOR=Michael Boelen <michael.boelen@cisofy.com>
 # PLUGIN_CATEGORY=authentication
-# PLUGIN_DATE=2015-10-21
+# PLUGIN_DATE=2017-03-01
 # PLUGIN_DESC=PAM
 # PLUGIN_NAME=pam
 # PLUGIN_PACKAGE=all
 # PLUGIN_REQUIRED_TESTS=
-# PLUGIN_VERSION=1.0.0
+# PLUGIN_VERSION=1.0.1
 #-----------------------------------------------------
 #########################################################################
 #
+    # Variables
    MAX_PASSWORD_RETRY=""
+    PAM_DIRECTORY="${ROOTDIR}etc/pam.d"
+
+    # Test        : PLGN-0008
+    # Description : Check PAM configuration
+    FILE="${ROOTDIR}etc/security/pwquality.conf"
+    if [ -f ${FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no PLGN-0008 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PAM configuration (pwquality.conf)" --progress
+    if [ ${SKIPTEST} -eq 0 ]; then
+        for LINE in $(${GREPBINARY} -v "^#" ${FILE} | ${TRBINARY} -d " "); do
+            for I in ${LINE}; do
+                OPTION=$(echo ${I} | awk -F= '{ print $1 }')
+                VALUE=$(echo ${I} | awk -F= '{ print $2 }')
+                case ${OPTION} in
+                    minlen)
+                        DigitsOnly ${VALUE}
+                        MIN_PASSWORD_LENGTH=${VALUE}
+                    ;;
+                    retry)
+                        DigitsOnly ${VALUE}
+                        MAX_PASSWORD_RETRY=${VALUE}
+                    ;;
+                    minclass)
+                        MIN_PASSWORD_CLASS=${VALUE}
+                    ;;
+                    dcredit)
+                        CREDITS_D_PASSWORD=${VALUE}
+                    ;;
+                    lcredit)
+                        CREDITS_L_PASSWORD=${VALUE}
+                    ;;
+                    ocredit)
+                        CREDITS_O_PASSWORD=${VALUE}
+                    ;;
+                    ucredit)
+                        CREDITS_U_PASSWORD=${VALUE}
+                    ;;
+                esac
+            done
+        done
+    fi
+

-    PAM_DIRECTORY="/etc/pam.d"
    # Test        : PLGN-0010
    # Description : Check PAM configuration
-    if [ -f /etc/pam.conf -o -d /etc/pam.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    if [ -f ${ROOTDIR}etc/pam.conf -o -d ${ROOTDIR}etc/pam.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no PLGN-0010 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PAM configuration" --progress
    if [ ${SKIPTEST} -eq 0 ]; then
        FOUNDPROBLEM=0