tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 07:44:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

[AUTH-9229] Undo escaping exclamation mark and disabling test for AIX and macOS

Browse Source
This commit is contained in:
Michael Boelen 2020-06-26 10:24:37 +02:00
parent ee3a3df601
commit e6c6fdc9a8
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/tests_authentication
View File

@ -285,15 +285,24 @@
# Test : AUTH-9229 # Test : AUTH-9229
# Description : Check password hashing methods vs. recommendations in crypt(5) # Description : Check password hashing methods vs. recommendations in crypt(5)
# Notes : Applicable to all Unix-like OS # Notes : Applicable to all Unix-like OS
# Does not work correctly on AIX and macOS (unknown why)
# Requires read access to /etc/shadow (if it exists) # Requires read access to /etc/shadow (if it exists)
Register --test-no AUTH-9229 --root-only YES --weight L --network NO --category security --description "Check password hashing methods" case ${OS} in
"AIX" | "macOS")
PREQS_MET="NO"
;;
*)
PREQS_MET="YES"
;;
esac
Register --test-no AUTH-9229 --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check password hashing methods"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking password hashing methods" LogText "Test: Checking password hashing methods"
SHADOW=""; SHADOW="";
if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi
FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do
case ${METHOD} in case ${METHOD} in
1:\* | 1:x | 0: | *:\!* | *LOCK*) 1:\* | 1:x | 0: | *:!* | *LOCK*)
# disabled | shadowed | no password | locked account (can be literal *LOCK* or something like LOCKED) # disabled | shadowed | no password | locked account (can be literal *LOCK* or something like LOCKED)
;; ;;
*:\$5\$*| *:\$6\$*) *:\$5\$*| *:\$6\$*)