tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 16:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix regex to disregard locked accounts (#371)

Browse Source 
This way, accounts that have ":!!:" in shadow and have an entry in
"Password expires" field don't get flagged with "Result: password of
user XYZ has been expired" by AUTH-9288.

Fixes #362
This commit is contained in:
pyllyukko 2017-03-27 10:19:55 +03:00 committed by Michael Boelen
parent a0849ac053
commit 88f39b9540
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/tests_authentication
View File

@ -825,7 +825,7 @@
LogText "Data: Days since epoch is ${DAYS_SINCE_EPOCH}"
LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)"
# Skip fields with a !, *, or x, or !* (field $3 is last changed, $5 is maximum changed)
FIND=$(${EGREPBINARY} -v ":[\!\*x](\*)?:" /etc/shadow | ${AWKBINARY} -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}')
FIND=$(${EGREPBINARY} -v ":[\!\*x]([\*\!])?:" /etc/shadow | ${AWKBINARY} -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}')
if [ ! "${FIND}" = "" ]; then
for ACCOUNT in ${FIND}; do
LogText "Result: password of user ${ACCOUNT} has been expired"