Updates to include/tests_authentication (#308)

* adjusted. For test number 9234, added comments stating macOS doesn’t use /etc/passwd for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended program to parse that information. I input a sample line as a comment in the test area. * Revert "adjusted." This reverts commit 2166e5da94. * Test 9208 and 9234 Updated For test number 9208, the LogText was clumsily written. Text has been adjusted. For test number 9234, added comments stating macOS doesn’t use `/etc/passwd` for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended program to parse that information. I input a sample line as a comment in the test area. * Test 9208 and 9234 Updated For test number 9208, the LogText was clumsily written. Text has been adjusted. For test number 9234, added comments stating macOS doesn’t use `/etc/passwd` for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended program to parse that information. I input a sample line as a comment in the test area.
2016-10-27 01:46:23 -05:00 · 2016-10-27 01:46:23 -05:00 · e687b20866
parent db7bff9cb2
commit e687b20866
1 changed files with 6 additions and 0 deletions
--- a/include/tests_authentication
+++ b/include/tests_authentication
@ -89,6 +89,7 @@
            LogText "Result: test skipped, ${PASSWD_FILE} file not available"
        fi
        LogText "Remarks: Non unique UIDs can riskful for the system or part of a configuration mistake"
+        LogText "Remarks: Non unique UIDs can be a risk for the system or part of a configuration mistake"
    fi
 #
 #################################################################################
@ -274,6 +275,7 @@
    # Notes       : AIX: 100+
    #               HPUX: 100+
    #               Mac OS X: needs to be improved (just reading passwd file is not enough)
+    #               (NOTE: macOS doesn't have any user info in /etc/passwd, users are managed with opendirectoryd)
    #               OpenBSD/NetBSD: unknown
    #               Arch Linux / CentOS / Ubuntu: 1000+
    Register --test-no AUTH-9234 --weight L --network NO --category security --description "Query user accounts"
@ -312,6 +314,10 @@
                LogText "Solaris real users output (ID =0, or 100+, but not 60001/65534):"
                FIND=`${AWKBINARY} -F: '($3 >= 100 && $3 != 60001 && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd`
            ;;
+#            "macOS")
+#                LogText "macOS real users output (ID = 0, or 500-599)"
+#               #NOTE# The specific line for using dscacheutil is:
+#               # dscacheutil -q user | grep -A 3 -B 2 -e uid:\ 5'[0-9][0-9]'                
            *)
                # Want to help improving Lynis? Determine what user IDs belong to normal user accounts
                ReportException "${TEST_NO}:1" "Can not determine user accounts"