tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Modified AUTH-9262 

Added pwquality (default in some Ubuntu variants) to accepted password-quality modules.  Reworked test so that full points are possible (passwdqc and cracklib incompatible).
This commit is contained in:
Eric Light 2016-03-22 16:30:47 +13:00
parent 9023aaa052
commit fad4dfc0cc
1 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
include/tests_authentication
View File

@ -454,50 +454,64 @@
FOUND=0 FOUND=0
FOUND_CRACKLIB=0 FOUND_CRACKLIB=0
FOUND_PASSWDQC=0 FOUND_PASSWDQC=0
FOUND_PWQUALITY=0
# Cracklib # Cracklib
LogText "Searching cracklib PAM module" LogText "Searching PAM password testing modules (cracklib, passwdqc, pwquality)"
for I in ${PAM_FILE_LOCATIONS}; do for I in ${PAM_FILE_LOCATIONS}; do
if [ -f ${I}/pam_cracklib.so ]; then if [ -f ${I}/pam_cracklib.so ]; then
FOUND_CRACKLIB=1 FOUND_CRACKLIB=1
FOUND=1
LogText "Result: found pam_cracklib.so (crack library PAM) in ${I}" LogText "Result: found pam_cracklib.so (crack library PAM) in ${I}"
fi fi
if [ -f ${I}/pam_passwdqc.so ]; then
FOUND_PASSWDQC=1
FOUND=1
LogText "Result: found pam_passwdqc.so (passwd quality control PAM) in ${I}"
fi
if [ -f ${I}/pam_pwquality.so ]; then
FOUND_PWQUALITY=1
FOUND=1
LogText "Result: found pam_pwquality.so (password quality control PAM) in ${I}"
fi
done done
# Cracklib
if [ ${FOUND_CRACKLIB} -eq 1 ]; then if [ ${FOUND_CRACKLIB} -eq 1 ]; then
LogText "Result: pam_cracklib.so found" LogText "Result: pam_cracklib.so found"
Report "pam_cracklib=1" Report "pam_cracklib=1"
AddHP 3 3
FOUND=1
else else
LogText "Result: pam_cracklib.so NOT found (crack library PAM)" LogText "Result: pam_cracklib.so NOT found (crack library PAM)"
AddHP 1 3
fi fi
# Passwd quality control # Passwd quality control
LogText "Searching passwdqc PAM module"
for I in ${PAM_FILE_LOCATIONS}; do
if [ -f ${I}/pam_passwdqc.so ]; then
FOUND_PASSWDQC=1
LogText "Result: found pam_passwdqc.so (passwd quality control PAM) in ${I}"
fi
done
if [ ${FOUND_PASSWDQC} -eq 1 ]; then if [ ${FOUND_PASSWDQC} -eq 1 ]; then
LogText "Result: pam_passwdqc.so found" LogText "Result: pam_passwdqc.so found"
Report "pam_passwdqc=1" Report "pam_passwdqc=1"
AddHP 3 3
FOUND=1
else else
LogText "Result: pam_passwdqc.so NOT found (passwd quality control PAM)" LogText "Result: pam_passwdqc.so NOT found (passwd quality control PAM)"
AddHP 1 3 fi
# pwquality
if [ ${FOUND_PWQUALITY} -eq 1 ]; then
LogText "Result: pam_pwquality.so found"
Report "pam_pwquality=1"
else
LogText "Result: pam_pwquality.so NOT found (pwquality control PAM)"
fi fi
if [ ${FOUND} -eq 0 ]; then if [ ${FOUND} -eq 0 ]; then
Display --indent 2 --text "- Checking PAM password strength tools" --result "SUGGESTION" --color YELLOW Display --indent 2 --text "- Checking PAM password strength tools" --result "SUGGESTION" --color YELLOW
LogText "Result: no PAM modules for password strength testing found" LogText "Result: no PAM modules for password strength testing found"
ReportSuggestion ${TEST_NO} "Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc" ReportSuggestion ${TEST_NO} "Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc"
AddHP 0 3
else else
Display --indent 2 --text "- Checking PAM password strength tools" --result OK --color GREEN Display --indent 2 --text "- Checking PAM password strength tools" --result OK --color GREEN
LogText "Result: found at least one PAM module for password strength testing" LogText "Result: found at least one PAM module for password strength testing"
AddHP 3 3
fi fi
fi fi
# #