diff options
author | Justin P <jpartain89@users.noreply.github.com> | 2016-10-27 09:46:23 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-10-27 09:46:23 +0300 |
commit | e687b2086643b3912661f4b6a3d891a8ea283984 (patch) | |
tree | 7538d1c4e2bfab1c3f3f38b7abe8efcf0a8acc80 | |
parent | db7bff9cb28aa6906cdb25690a4feeb28d112fc2 (diff) |
Updates to include/tests_authentication (#308)
* adjusted.
For test number 9234, added comments stating macOS doesn’t use
/etc/passwd for normal users. macOS uses `opendirectoryd` as the
backend for user management. So, `dscacheutil` is the recommended
program to parse that information. I input a sample line as a comment
in the test area.
* Revert "adjusted."
This reverts commit 2166e5da94ab1c04c56124c7c41b788a7d3d0172.
* Test 9208 and 9234 Updated
For test number 9208, the LogText was clumsily written. Text has been adjusted.
For test number 9234, added comments stating macOS doesn’t use `/etc/passwd` for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended
program to parse that information. I input a sample line as a comment in the test area.
* Test 9208 and 9234 Updated
For test number 9208, the LogText was clumsily written. Text has been adjusted.
For test number 9234, added comments stating macOS doesn’t use `/etc/passwd` for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended
program to parse that information. I input a sample line as a comment in the test area.
-rw-r--r-- | include/tests_authentication | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index 4e2e5bc6..15a91a0c 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -89,6 +89,7 @@ LogText "Result: test skipped, ${PASSWD_FILE} file not available" fi LogText "Remarks: Non unique UIDs can riskful for the system or part of a configuration mistake" + LogText "Remarks: Non unique UIDs can be a risk for the system or part of a configuration mistake" fi # ################################################################################# @@ -274,6 +275,7 @@ # Notes : AIX: 100+ # HPUX: 100+ # Mac OS X: needs to be improved (just reading passwd file is not enough) + # (NOTE: macOS doesn't have any user info in /etc/passwd, users are managed with opendirectoryd) # OpenBSD/NetBSD: unknown # Arch Linux / CentOS / Ubuntu: 1000+ Register --test-no AUTH-9234 --weight L --network NO --category security --description "Query user accounts" @@ -312,6 +314,10 @@ LogText "Solaris real users output (ID =0, or 100+, but not 60001/65534):" FIND=`${AWKBINARY} -F: '($3 >= 100 && $3 != 60001 && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd` ;; +# "macOS") +# LogText "macOS real users output (ID = 0, or 500-599)" +# #NOTE# The specific line for using dscacheutil is: +# # dscacheutil -q user | grep -A 3 -B 2 -e uid:\ 5'[0-9][0-9]' *) # Want to help improving Lynis? Determine what user IDs belong to normal user accounts ReportException "${TEST_NO}:1" "Can not determine user accounts" |