diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-31 14:34:17 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-31 14:34:17 +0300 |
| commit | 2b4d7a1e851bdaac11c25839935a1aa45e7cee68 (patch) | |
| tree | 9888ed06e3f1fe32b563d96af6a5defe43d58105 | |
| parent | 23e400ea9e322bcafbed181eee7d7438060c8f30 (diff) | |
[AUTH-9218] Clean ups and improve readability
| -rw-r--r-- | include/tests_authentication | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index 52432352..4bad7e5e 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -153,7 +153,7 @@ # Test : AUTH-9218 # Description : Check login shells for passwordless accounts # Notes : Results should be checked - Register --test-no AUTH-9218 --os FreeBSD --weight L --network NO --category security --description "Check harmful login shells" + Register --test-no AUTH-9218 --os FreeBSD --weight L --network NO --category security --description "Check login shells for passwordless accounts" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 LogText "Test: Checking login shells" @@ -161,34 +161,35 @@ # Check for all shells, except: (/usr)/sbin/nologin /nonexistent FIND=`grep "[a-z]:\*:" /etc/master.passwd | egrep -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | sed 's/ /!space!/g'` if [ "${FIND}" = "" ]; then - Display --indent 2 --text "- Checking login shells" --result "${STATUS_OK}" --color GREEN - else - Display --indent 2 --text "- Checking login shells" --result "${STATUS_WARNING}" --color RED - for I in ${FIND}; do - I=`echo ${I} | sed 's/!space!/ /g'` - J=`echo ${I} | awk -F: '{ print $10 }'` - LogText "Output: ${I}" - if [ "${J}" = "" ]; then + Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN + else + Display --indent 2 --text "- Login shells" --result "${STATUS_WARNING}" --color RED + for LINE in ${FIND}; do + LINE=$(echo ${LINE} | sed 's/!space!/ /g') + SHELL=$(echo ${LINE} | awk -F: '{ print $10 }') + LogText "Output: ${LINE}" + if [ -z "${SHELL}" ]; then LogText "Result: found no shell on line" - else - LogText "Result: found possible harmful shell ${J}" - if [ -f ${J} ]; then - LogText "Result: shell ${J} does exist" + else + LogText "Result: found possible harmful shell ${SHELL}" + if [ -f ${SHELL} ]; then + LogText "Result: shell ${SHELL} does exist" FOUND=1 - else - LogText "Result: shell ${J} does not exist" - ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${J} does not exist" + else + LogText "Result: shell ${SHELL} does not exist" + ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${SHELL} does not exist" fi fi done if [ ${FOUND} -eq 1 ]; then - ReportWarning ${TEST_NO} "H" "Possible harmful shell found (for passwordless account!)" + ReportWarning ${TEST_NO} "Possible harmful shell found (for passwordless account!)" fi - fi + fi else - Display --indent 2 --text "- Checking login shells" --result "${STATUS_SKIPPED}" --color WHITE + Display --indent 2 --text "- Login shells" --result "${STATUS_SKIPPED}" --color WHITE LogText "Result: No /etc/master.passwd file found" fi + unset LINE SHELL fi # ################################################################################# |