tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[AUTH-9229] added option to look for LOCKED accounts

This commit is contained in:
Michael Boelen 2020-06-23 13:57:14 +02:00
parent 610f70d5aa
commit 36f86d76c4
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/tests_authentication
View File

@ -293,8 +293,8 @@
if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi
FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do
case ${METHOD} in case ${METHOD} in
1:\* | 1:x | 0: | *:!*) 1:\* | 1:x | 0: | *:!* | *LOCK*)
# disabled | shadowed | no password | locked account # disabled | shadowed | no password | locked account (can be literal *LOCK* or something like LOCKED)
;; ;;
*:\$5\$*| *:\$6\$*) *:\$5\$*| *:\$6\$*)
# sha256crypt | sha512crypt: check number of rounds, should be >5000 # sha256crypt | sha512crypt: check number of rounds, should be >5000