tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-23 05:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Changes to improve password strength testing

Browse Source
This commit is contained in:
mboelen 2015-10-21 22:58:52 +02:00
parent 69cbabfed2
commit 4cbeb31078
1 changed files with 19 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
plugins/plugin_pam_phase1
View File

@ -199,7 +199,7 @@
if [ "${MIN_PASSWORD_CLASS}" = "" ]; then MIN_PASSWORD_CLASS=0; fi if [ "${MIN_PASSWORD_CLASS}" = "" ]; then MIN_PASSWORD_CLASS=0; fi
if [ "${MIN_PASSWORD_LENGTH}" = "" ]; then MIN_PASSWORD_LENGTH=6; fi if [ "${MIN_PASSWORD_LENGTH}" = "" ]; then MIN_PASSWORD_LENGTH=6; fi
PAM_MODULE_PASSWORD_STRENGTH_TESTED=1 PAM_PASSWORD_STRENGTH_TESTED=1
if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then
Debug "Module options configured" Debug "Module options configured"
for I in ${PAM_MODULE_OPTIONS}; do for I in ${PAM_MODULE_OPTIONS}; do
@ -214,39 +214,33 @@
DigitsOnly ${VALUE} DigitsOnly ${VALUE}
MIN_PASSWORD_LENGTH=${VALUE} MIN_PASSWORD_LENGTH=${VALUE}
;; ;;
# Digital characters retry)
dccredit) # Maximum password retry
# Digits only logtext "Result: Max password Retry configured"
DigitsOnly ${VALUE} DigitsOnly ${VALUE}
if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi MAX_PASSWORD_RETRY=${VALUE}
;; ;;
# Lowercase characters minclass)
lccredit) # Minimum number of class required out of upper, lower, digit and oters
# Digits only logtext "Result: Min number of password class is configured"
DigitsOnly ${VALUE} MIN_PASSWORD_CLASS=${VALUE}
if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi ;;
dcredit)
CREDITS_D_PASSWORD=${VALUE}
;; ;;
# Other characters lcredit)
occredit) CREDITS_L_PASSWORD=${VALUE}
# Digits only
DigitsOnly ${VALUE}
if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi
;; ;;
# Uppercase characters ocredit)
uccredit) CREDITS_O_PASSWORD=${VALUE}
# Digits only ;;
DigitsOnly ${VALUE} ucredit)
if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi CREDITS_U_PASSWORD=${VALUE}
;; ;;
*) *)
logtext "Result: unknown option found: ${OPTION} with value ${VALUE}" logtext "Result: unknown option found: ${OPTION} with value ${VALUE}"
;; ;;
esac esac
if [ ${CREDITS_CONFIGURED} -eq 1 ]; then
logtext "Result: Credits are configured, password length minus 1"
MIN_PASSWORD_LENGTH=`expr ${MIN_PASSWORD_LENGTH} - 1`
fi
done done
fi fi
;; ;;