author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-31 14:53:26 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-31 14:53:26 +0300 |
commit | 5e2f6d256bca6d56df32585d19d9935b5b53e5aa (patch) | |
tree | 14da8497cdb5a0eef3ab32795a2d099ec99d140a | |
parent | 6426ce68c000c05e31ecaee8a59ab285ab72d456 (diff) |
Removed word 'checking' from several tests' and style improvements
-rw-r--r-- | include/tests_authentication | 122 |
1 files changed, 61 insertions, 61 deletions
diff --git a/include/tests_authentication b/include/tests_authentication
index 12f9257d..b752897d 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -42,9 +42,9 @@
 LogText "Test: Searching accounts with UID 0"
 FIND=`grep ':0:' /etc/passwd | egrep -v '^#|^root:|^(\+:\*)?:0:0:::' | cut -d ":" -f1,3 | grep ':0'`
 if [ ! "${FIND}" = "" ]; then
- Display --indent 2 --text "- Search administrator accounts" --result "${STATUS_WARNING}" --color RED
+ Display --indent 2 --text "- Administrator accounts" --result "${STATUS_WARNING}" --color RED
 LogText "Result: Found more than one administrator accounts"
- ReportWarning "${TEST_NO}" "H" "Multiple users with UID 0 found in passwd file"
+ ReportWarning "${TEST_NO}" "Multiple users with UID 0 found in passwd file"
 for I in ${FIND}; do
 LogText "Administrator account: ${I}"
 if [ "${I}" = "toor" ]; then
@@ -53,8 +53,8 @@
 ReportSuggestion ${TEST_NO} "Use vipw to delete the 'toor' user if not used."
 fi
 done
- else
- Display --indent 2 --text "- Search administrator accounts" --result "${STATUS_OK}" --color GREEN
+ else
+ Display --indent 2 --text "- Administrator accounts" --result "${STATUS_OK}" --color GREEN
 LogText "Result: No accounts found with UID 0 other than root."
 fi
 fi
@@ -75,16 +75,16 @@
 if [ -f ${PASSWD_FILE} ]; then
 FIND=`grep -v '^#' ${PASSWD_FILE} | cut -d ':' -f3 | sort | uniq -d`
 if [ "${FIND}" = "" ]; then
- Display --indent 2 --text "- Checking for non-unique UIDs" --result "${STATUS_OK}" --color GREEN
+ Display --indent 2 --text "- Unique UIDs" --result "${STATUS_OK}" --color GREEN
 LogText "Result: all accounts found in ${PASSWD_FILE} are unique"
- else
- Display --indent 2 --text "- Checking for non-unique UIDs" --result "${STATUS_WARNING}" --color RED
+ else
+ Display --indent 2 --text "- Unique UIDs" --result "${STATUS_WARNING}" --color RED
 LogText "Result: found multiple accounts with same UID"
 LogText "Output (non-unique UIDs): ${FIND}"
 ReportWarning ${TEST_NO} "Multiple accounts found with same UID"
 fi
 else
- Display --indent 2 --text "- Checking UIDs" --result "${STATUS_SKIPPED}" --color WHITE
+ Display --indent 2 --text "- Unique UIDs" --result "${STATUS_SKIPPED}" --color WHITE
 LogText "Result: test skipped, ${PASSWD_FILE} file not available"
 fi
 LogText "Remarks: Non unique UIDs can riskful for the system or part of a configuration mistake"
@@ -341,16 +341,16 @@
 FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nisplus"`
 if [ "${FIND}" = "" ]; then
 LogText "Result: NIS+ authentication not enabled"
- Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
+ Display --indent 2 --text "- NIS+ authentication support" --result "NOT ENABLED" --color WHITE
 else
 FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nisplus"`
 FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nisplus"`
 if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
 LogText "Result: NIS+ authentication enabled"
- Display --indent 2 --text "- Checking NIS+ authentication support" --result "${STATUS_ENABLED}" --color GREEN
+ Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_ENABLED}" --color GREEN
 else
 LogText "Result: NIS+ authentication not enabled"
- Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
+ Display --indent 2 --text "- NIS+ authentication support" --result "NOT ENABLED" --color WHITE
 fi
 fi
 else
@@ -368,16 +368,16 @@
 FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nis" | grep -v "nisplus"`
 if [ "${FIND}" = "" ]; then
 LogText "Result: NIS authentication not enabled"
- Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
+ Display --indent 2 --text "- NIS authentication support" --result "NOT ENABLED" --color WHITE
 else
 FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
 FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
 if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
 LogText "Result: NIS authentication enabled"
- Display --indent 2 --text "- Checking NIS authentication support" --result "${STATUS_ENABLED}" --color GREEN
+ Display --indent 2 --text "- NIS authentication support" --result "${STATUS_ENABLED}" --color GREEN
 else
 LogText "Result: NIS authentication not enabled"
- Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
+ Display --indent 2 --text "- NIS authentication support" --result "NOT ENABLED" --color WHITE
 fi
 fi
 else
@@ -404,10 +404,10 @@
 done
 if [ ${FOUND} -eq 1 ]; then
 LogText "Result: sudoers file found (${SUDOERS_FILE})"
- Display --indent 2 --text "- Checking sudoers file" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- sudoers file" --result "${STATUS_FOUND}" --color GREEN
 else
 LogText "Result: sudoers file NOT found"
- Display --indent 2 --text "- Checking sudoers file" --result "${STATUS_NOT_FOUND}" --color YELLOW
+ Display --indent 2 --text "- sudoers file" --result "${STATUS_NOT_FOUND}" --color YELLOW
 fi
 fi
 #
@@ -436,15 +436,15 @@
 # Description : Solaris test to check passwordless accounts
 Register --test-no AUTH-9254 --os Solaris --weight L --network NO --root-only YES --category security --description "Solaris passwordless accounts"
 if [ ${SKIPTEST} -eq 0 ]; then
- FIND=`logins -p | awk '{ print $1 }'`
+ FIND=$(logins -p | awk '{ print $1 }')
 if [ "${FIND}" = "" ]; then
 LogText "Result: no passwordless accounts found"
- Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result "${STATUS_OK}" --color GREEN
- else
+ Display --indent 2 --text "- Passwordless accounts on Solaris" --result "${STATUS_OK}" --color GREEN
+ else
 for I in ${FIND}; do
- ReportWarning ${TEST_NO} "H" "Found passwordless account (${I})"
+ ReportWarning ${TEST_NO} "Found passwordless account (${I})"
 done
- Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result "${STATUS_WARNING}" --color RED
+ Display --indent 2 --text "- Passwordless accounts on Solaris" --result "${STATUS_WARNING}" --color RED
 fi
 fi
 #
@@ -507,12 +507,12 @@
 fi
 if [ ${FOUND} -eq 0 ]; then
- Display --indent 2 --text "- Checking PAM password strength tools" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 2 --text "- PAM password strength tools" --result "${STATUS_SUGGESTION}" --color YELLOW
 LogText "Result: no PAM modules for password strength testing found"
 ReportSuggestion ${TEST_NO} "Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc"
 AddHP 0 3
 else
- Display --indent 2 --text "- Checking PAM password strength tools" --result "${STATUS_OK}" --color GREEN
+ Display --indent 2 --text "- PAM password strength tools" --result "${STATUS_OK}" --color GREEN
 LogText "Result: found at least one PAM module for password strength testing"
 AddHP 3 3
 fi
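Review bot: In the AUTH-9254 hunk (@@ -436,15), the branch that finds passwordless accounts writes nothing to the log. It calls ReportWarning per account and then Display, while the empty branch does log `Result: no passwordless accounts found`. Anyone reading only the log file on an affected Solaris host would see no result for this test. I would add `LogText "Result: found one or more accounts without password"` before the loop and `LogText "Account without password: ${I}"` inside it, which is the wording the Linux test already uses in the @@ -681,14 hunk.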
@@ -527,7 +527,7 @@
 LogText "Test: Checking file /etc/pam.conf"
 if [ -f /etc/pam.conf ]; then
 LogText "Result: file /etc/pam.conf exists"
- Display --indent 2 --text "- Checking PAM configuration files (pam.conf)" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- PAM configuration files (pam.conf)" --result "${STATUS_FOUND}" --color GREEN
 LogText "Test: searching PAM configuration files"
 FIND=`grep -v "^#" /etc/pam.conf | grep -v "^$" | sed 's/[[:space:]]/ /g' | sed 's/ / /g' | sed 's/ /:space:/g'`
 if [ "${FIND}" = "" ]; then
@@ -541,7 +541,7 @@
 fi
 else
 LogText "Result: file /etc/pam.conf could not be found"
- Display --indent 2 --text "- Checking PAM configuration file (pam.conf)" --result "${STATUS_NOT_FOUND}" --color WHITE
+ Display --indent 2 --text "- PAM configuration file (pam.conf)" --result "${STATUS_NOT_FOUND}" --color WHITE
 fi
 fi
 #
@@ -554,7 +554,7 @@
 LogText "Test: Checking directory /etc/pam.d"
 if [ -d /etc/pam.d ]; then
 LogText "Result: directory /etc/pam.d exists"
- Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- PAM configuration files (pam.d)" --result "${STATUS_FOUND}" --color GREEN
 LogText "Test: searching PAM configuration files"
 FIND=`find /etc/pam.d -type f -print | sort`
 for I in ${FIND}; do
@@ -562,7 +562,7 @@
 done
 else
 LogText "Result: directory /etc/pam.d could not be found"
- Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result "${STATUS_NOT_FOUND}" --color WHITE
+ Display --indent 2 --text "- PAM configuration files (pam.d)" --result "${STATUS_NOT_FOUND}" --color WHITE
 fi
 fi
 #
@@ -593,10 +593,10 @@
 done
 # Check if we found at least one module
 if [ ${FOUND} -eq 0 ]; then
- Display --indent 2 --text "- Checking PAM modules" --result "${STATUS_NOT_FOUND}" --color WHITE
+ Display --indent 2 --text "- PAM modules" --result "${STATUS_NOT_FOUND}" --color WHITE
 LogText "Result: no PAM modules found"
 else
- Display --indent 2 --text "- Checking PAM modules" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- PAM modules" --result "${STATUS_FOUND}" --color GREEN
 fi
 unset DIR; unset FILE; unset FIND
 fi
@@ -615,12 +615,12 @@
 if [ ! "${FIND}" = "" ]; then
 LogText "Result: LDAP module present"
 LogText "Output: ${FIND}"
- Display --indent 2 --text "- Checking LDAP module in PAM" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- LDAP module in PAM" --result "${STATUS_FOUND}" --color GREEN
 LDAP_AUTH_ENABLED=1
 LDAP_PAM_ENABLED=1
 else
 LogText "Result: LDAP module not found"
- Display --indent 2 --text "- Checking LDAP module in PAM" --result "${STATUS_NOT_FOUND}" --color WHITE
+ Display --indent 2 --text "- LDAP module in PAM" --result "${STATUS_NOT_FOUND}" --color WHITE
 fi
 else
 LogText "Result: file /etc/pam.d/common-auth not found, skipping test"
@@ -664,13 +664,13 @@
 LogText "Test: Checking Linux version and password expire date status"
 if [ "${FIND}" = "" ]; then
 LogText "Result: all accounts seem to have an expire date"
- Display --indent 2 --text "- Checking accounts without expire date" --result "${STATUS_OK}" --color GREEN
+ Display --indent 2 --text "- Accounts without expire date" --result "${STATUS_OK}" --color GREEN
 else
 LogText "Result: found one or more accounts with expire date set"
 for I in ${FIND}; do
 LogText "Account without expire date: ${I}"
 done
- Display --indent 2 --text "- Checking accounts without expire date" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 2 --text "- Accounts without expire date" --result "${STATUS_SUGGESTION}" --color YELLOW
 ReportSuggestion ${TEST_NO} "When possible set expire dates for all password protected accounts"
 fi
 fi
@@ -681,14 +681,14 @@
 LogText "Test: Checking passwordless accounts"
 if [ "${FIND2}" = "" ]; then
 LogText "Result: all accounts seem to have a password"
- Display --indent 2 --text "- Checking accounts without password" --result "${STATUS_OK}" --color GREEN
+ Display --indent 2 --text "- Accounts without password" --result "${STATUS_OK}" --color GREEN
 else
 LogText "Result: found one or more accounts without password"
 for I in ${FIND2}; do
 LogText "Account without password: ${I}"
 Report "account_without_password=${I}"
 done
- Display --indent 2 --text "- Checking accounts without password" --result "${STATUS_WARNING}" --color RED
+ Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
 ReportWarning ${TEST_NO} "Found accounts without password"
 fi
 fi
@@ -712,7 +712,7 @@
 else
 LogText "Result: password needs to be at least ${FIND} days old"
 PASSWORD_MINIMUM_DAYS=${FIND}
- Display --indent 2 --text "- Checking user password aging (minimum)" --result CONFIGURED --color GREEN
+ Display --indent 2 --text "- User password aging (minimum)" --result CONFIGURED --color GREEN
 AddHP 3 3
 fi
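Review bot: In the first hunk (@@ -664,13), the log line in the else branch states the opposite of the finding. `LogText "Result: found one or more accounts with expire date set"` sits in the branch that then logs `Account without expire date: ${I}` and suggests setting expire dates. Since the commit already edits the two Display lines around it, I would correct the message to `LogText "Result: found one or more accounts without expire date"` so the log agrees with the report. The test's opening lines are outside the hunk, so how FIND is populated cannot be checked from here.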
@@ -720,13 +720,13 @@
 FIND=`grep "^PASS_MAX_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MAX_DAYS") { print $2 } }'`
 if [ "${FIND}" = "" -o "${FIND}" = "99999" ]; then
 LogText "Result: password aging limits are not configured"
- Display --indent 2 --text "- Checking user password aging (maximum)" --result "${STATUS_DISABLED}" --color YELLOW
+ Display --indent 2 --text "- User password aging (maximum)" --result "${STATUS_DISABLED}" --color YELLOW
 ReportSuggestion ${TEST_NO} "Configure maximum password age in /etc/login.defs"
 AddHP 0 1
 else
 LogText "Result: max password age is ${FIND} days"
 PASSWORD_MAXIMUM_DAYS=${FIND}
- Display --indent 2 --text "- Checking user password aging (maximum)" --result CONFIGURED --color GREEN
+ Display --indent 2 --text "- User password aging (maximum)" --result CONFIGURED --color GREEN
 AddHP 3 3
 fi
 fi
@@ -956,17 +956,17 @@
 if [ ${FOUND_UMASK} -eq 1 ]; then
 if [ ${WEAK_UMASK} -eq 0 ]; then
- Display --indent 4 --text "- Checking umask (/etc/profile)" --result "${STATUS_OK}" --color GREEN
+ Display --indent 4 --text "- umask (/etc/profile)" --result "${STATUS_OK}" --color GREEN
 AddHP 2 2
 else
- Display --indent 4 --text "- Checking umask (/etc/profile)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/profile)" --result "${STATUS_SUGGESTION}" --color YELLOW
 ReportSuggestion ${TEST_NO} "Default umask in /etc/profile could be more strict like 027"
 AddHP 0 2
 fi
 else
 # Some operating systems don't have a default umask defined in /etc/profile (Debian)
 LogText "Result: found no umask. Please check if this is correct"
- Display --indent 4 --text "- Checking umask (/etc/profile)" --result "${STATUS_NOT_FOUND}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/profile)" --result "${STATUS_NOT_FOUND}" --color YELLOW
 fi
 else
 LogText "Result: file /etc/profile does not exist"
@@ -993,20 +993,20 @@
 FIND=`grep "^UMASK" /etc/login.defs | awk '{ print $2 }'`
 if [ "${FIND}" = "" ]; then
 LogText "Result: umask value is not configured (most likely it will have the default 022 value)"
- Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/login.defs)" --result "${STATUS_SUGGESTION}" --color YELLOW
 ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027"
 AddHP 1 2
 elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then
 LogText "Result: umask is ${FIND}, which is fine"
- Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result "${STATUS_OK}" --color GREEN
+ Display --indent 4 --text "- umask (/etc/login.defs)" --result "${STATUS_OK}" --color GREEN
 AddHP 2 2
- else
+ else
 LogText "Result: found umask ${FIND}, which could be improved"
- Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/login.defs)" --result "${STATUS_SUGGESTION}" --color YELLOW
 ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could be more strict like 027"
 AddHP 0 2
 fi
- else
+ else
 LogText "Result: file /etc/login.defs does not exist"
 fi
@@ -1018,14 +1018,14 @@
 FIND=`grep "^umask" /etc/init.d/functions | awk '{ print $2 }'`
 if [ "${FIND}" = "" ]; then
 LogText "Result: umask is not configured"
- Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result "${STATUS_NONE}" --color WHITE
+ Display --indent 4 --text "- umask (/etc/init.d/functions)" --result "${STATUS_NONE}" --color WHITE
 elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then
 LogText "Result: umask is ${FIND}, which is fine"
- Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result "${STATUS_OK}" --color GREEN
+ Display --indent 4 --text "- umask (/etc/init.d/functions)" --result "${STATUS_OK}" --color GREEN
 AddHP 2 2
 else
 LogText "Result: found umask ${FIND}, which could be improved"
- Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/init.d/functions)" --result "${STATUS_SUGGESTION}" --color YELLOW
 AddHP 0 2
 fi
 else
@@ -1045,11 +1045,11 @@
 AddHP 1 2
 elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then
 LogText "Result: umask is ${FIND}, which is fine"
- Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result "${STATUS_OK}" --color GREEN
+ Display --indent 4 --text "- umask (/etc/init.d/rc)" --result "${STATUS_OK}" --color GREEN
 AddHP 2 2
 else
 LogText "Result: found umask ${FIND}, which could be improved"
- Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/init.d/rc)" --result "${STATUS_SUGGESTION}" --color YELLOW
 ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rc could be more strict like 027"
 AddHP 0 2
 fi
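Review bot: In the /etc/init.d/functions hunk (@@ -1018,14), the weak-umask branch shows STATUS_SUGGESTION on screen and calls `AddHP 0 2` but never calls ReportSuggestion, so the finding lowers the score without reaching the report. The equivalent branches for /etc/init.d/rc (@@ -1045,11) and /etc/init.d/rcS (@@ -1108,11) do report it. I would add `ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/functions could be more strict like 027"` before `AddHP 0 2`. The enclosing test begins outside the hunk, so if the omission is deliberate a short comment saying why would help.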
@@ -1082,14 +1082,14 @@
 fi
 if [ ${FOUND} -eq 1 ]; then
 if [ ${WEAK_UMASK} -eq 0 ]; then
- Display --indent 4 --text "- Checking umask (/etc/login.conf)" --result "${STATUS_OK}" --color GREEN
+ Display --indent 4 --text "- umask (/etc/login.conf)" --result "${STATUS_OK}" --color GREEN
 else
- Display --indent 4 --text "- Checking umask (/etc/login.conf)" --result WEAK --color YELLOW
+ Display --indent 4 --text "- umask (/etc/login.conf)" --result WEAK --color YELLOW
 ReportSuggestion ${TEST_NO} "Umask in /etc/login.conf could be more strict like 027"
 fi
 else
 LogText "Result: no umask setting found in /etc/login.conf, which is unexpected"
- Display --indent 4 --text "- Checking umask (/etc/login.conf)" --result "${STATUS_NONE}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/login.conf)" --result "${STATUS_NONE}" --color YELLOW
 fi
 fi
@@ -1108,11 +1108,11 @@
 AddHP 1 2
 elif [ "${FIND2}" = "077" -o "${FIND2}" = "027" ]; then
 LogText "Result: umask is ${FIND2}, which is fine"
- Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result "${STATUS_OK}" --color GREEN
+ Display --indent 4 --text "- umask (/etc/init.d/rcS)" --result "${STATUS_OK}" --color GREEN
 AddHP 2 2
 else
 LogText "Result: found umask ${FIND2}, which could be improved"
- Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ Display --indent 4 --text "- umask (/etc/init.d/rcS)" --result "${STATUS_SUGGESTION}" --color YELLOW
 ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rcS could be more strict like 027"
 AddHP 0 2
 fi
@@ -1184,16 +1184,16 @@
 Register --test-no AUTH-9402 --weight L --network NO --category security --description "Query LDAP authentication support"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ -f /etc/nsswitch.conf ]; then
- FIND=`egrep "^passwd" /etc/nsswitch.conf | grep "ldap"`
+ FIND=$(egrep "^passwd" /etc/nsswitch.conf | grep "ldap")
 if [ "${FIND}" = "" ]; then
 LogText "Result: LDAP authentication not enabled"
- Display --indent 2 --text "- Checking LDAP authentication support" --result "NOT ENABLED" --color WHITE
- else
+ Display --indent 2 --text "- LDAP authentication support" --result "NOT ENABLED" --color WHITE
+ else
 LogText "Result: LDAP authentication enabled"
- Display --indent 2 --text "- Checking LDAP authentication support" --result "${STATUS_ENABLED}" --color GREEN
+ Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_ENABLED}" --color GREEN
 LDAP_AUTH_ENABLED=1
 fi
- else
+ else
 LogText "Result: /etc/nsswitch.conf not found"
 fi
 fi
|
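Review bot: The rewritten `FIND=$(egrep "^passwd" /etc/nsswitch.conf | grep "ldap")` matches `ldap` anywhere on the line, so a trailing comment on a passwd entry (constructed sample: `passwd: files # ldap disabled`) would set LDAP_AUTH_ENABLED=1 and report LDAP authentication as enabled. As the line is being modernised anyway, I would strip comments before matching and switch to `grep -E`, since GNU grep marks `egrep` as obsolescent: `FIND=$(grep -E "^passwd" /etc/nsswitch.conf | sed 's/#.*//' | grep "ldap")`. The NIS+ and NIS hunks (@@ -341,16 and @@ -368,16) use the same match-anywhere pattern and still use backticks, so the conversion to `$( )` is only partial in this file.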