Changes to AUTH-9286 to check for minimum age as well

mboelen 2015-10-27 12:42:41 +01:00
parent 7afc82a8aa
commit 7b3299fcb9
2 changed files with 25 additions and 5 deletions


@ -110,6 +110,8 @@ unset LANG
OS=""; OS_MODE=""
OS_REDHAT_OR_CLONE=0
OSIRISBINARY=""
PASSWORD_MAXIMUM_DAYS=-1
PASSWORD_MINIMUM_DAYS=-1
PAM_2F_AUTH_ENABLED=0
PAM_2F_AUTH_REQUIRED=0
PAM_AUTH_BRUTE_FORCE_PROTECTION=0
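Review bot: The two new defaults use `-1` as a sentinel, but nothing here says what it stands for, and the value ends up in the report file through the `report` lines added in the other file. In the AUTH-9286 code the variables are assigned only in the CONFIGURED branches, so `-1` survives when the test is skipped or the option is absent or disabled. I would add a comment above them such as `# -1 = not determined (test skipped, or option absent/disabled in /etc/login.defs)`.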


@ -663,20 +663,36 @@
#
# Test : AUTH-9286
# Description : Check user password aging
# Notes : MIN = minimum age, avoid rotation of passwords too quickly
# : MAX = maximum age, ensure regular change of passwords
if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9286 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking user password aging"
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking PASS_MIN_DAYS option in /etc/login.defs "
FIND=`grep "^PASS_MIN_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MIN_DAYS") { print $2 } }'`
if [ "${FIND}" = "" -o "${FIND}" = "0" ]; then
logtext "Result: password minimum age is not configured"
Display --indent 2 --text "- Checking user password aging (minimum)" --result DISABLED --color YELLOW
ReportSuggestion ${TEST_NO} "Configure minimum password age in /etc/login.defs"
AddHP 0 1
else
logtext "Result: password needs to be at least ${FIND} days old"
PASSWORD_MINIMUM_DAYS=${FIND}
Display --indent 2 --text "- Checking user password aging (minimum)" --result CONFIGURED --color GREEN
AddHP 3 3
fi
logtext "Test: Checking PASS_MAX_DAYS option in /etc/login.defs "
FIND=`grep "^PASS_MAX_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MAX_DAYS") { print $2 } }'`
if [ "${FIND}" = "" -o "${FIND}" = "99999" ]; then
logtext "Result: password aging limits are not configured"
Display --indent 2 --text "- Checking user password aging" --result DISABLED --color YELLOW
ReportSuggestion ${TEST_NO} "Configure password aging limits to enforce password changing on a regular base"
Display --indent 2 --text "- Checking user password aging (maximum)" --result DISABLED --color YELLOW
ReportSuggestion ${TEST_NO} "Configure maximum password age in /etc/login.defs"
AddHP 0 1
else
logtext "Result: accounts with password aging set are checked against PASS_MAX_DAYS"
logtext "Result: value of PASS_MAX_DAYS is ${FIND}"
Display --indent 2 --text "- Checking user password aging" --result OK --color GREEN
logtext "Result: max password age is ${FIND} days"
PASSWORD_MAXIMUM_DAYS=${FIND}
Display --indent 2 --text "- Checking user password aging (maximum)" --result CONFIGURED --color GREEN
AddHP 3 3
fi
fi
@ -1144,6 +1160,8 @@ report "ldap_pam_enabled=${LDAP_PAM_ENABLED}"
if [ ! "${LDAP_CLIENT_CONFIG_FILE}" = "" ]; then
report "ldap_config_file=${LDAP_CLIENT_CONFIG_FILE}"
fi
report "password_min_days=${PASSWORD_MINIMUM_DAYS}"
report "password_max_days=${PASSWORD_MAXIMUM_DAYS}"
wait_for_keypress
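Review bot: In the AUTH-9286 hunk each test compares FIND with one literal only (`0` for PASS_MIN_DAYS, `99999` for PASS_MAX_DAYS), so any other value falls into the else branch, is displayed as CONFIGURED and earns `AddHP 3 3`. That includes a non-numeric string and a negative number such as `-1`, which, as far as I know, login.defs treats as disabling the restriction. For an audit check that is a false pass; a guard before each `if`, for example `case "${FIND}" in *[!0-9]*) FIND="" ;; esac`, would send those values to the "not configured" branch. The same unvalidated value is copied into PASSWORD_MINIMUM_DAYS / PASSWORD_MAXIMUM_DAYS and written by the `report` lines in the last hunk. If the option occurs more than once in the file, FIND holds several lines and the report entry would be split; the guard covers that case too, since a newline is a non-digit.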