
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2020-10-22 15:17:01 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2020-10-22 15:17:01 +0300
commitbd6e1d5d395536963a5d66a95c147435cd7d914b (patch)
tree94ba63c94b86b712603fd0490bb37ad5f3a385a1
parente67f786caae4da6accfc3dd96187841959a8b4a8 (diff)
Include AUTH-9284 and minor changes
-rw-r--r--CHANGELOG.md1
-rw-r--r--db/tests.db1
-rw-r--r--include/tests_authentication8
3 files changed, 6 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index edb1f41e..69123178 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
## Lynis 3.0.2 (not released yet)
### Added
+- AUTH-9284 - Scan for locked user accounts in /etc/passwd
- Detection of Flatcar, Mageia, ROSA Linux, SLES (extended), Void Linux, Zorin OS
- Alpine, macOS and Mageia EOL dates
diff --git a/db/tests.db b/db/tests.db
index 26fc8f87..6efe1a1a 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -37,6 +37,7 @@ AUTH-9268:test:security:authentication::Checking presence pam.d files:
AUTH-9278:test:security:authentication::Checking LDAP pam status:
AUTH-9282:test:security:authentication::Checking password protected account without expire date:
AUTH-9283:test:security:authentication::Checking accounts without password:
+AUTH-9284:test:security:authentication::Checking locked user accounts in /etc/passwd:
AUTH-9286:test:security:authentication::Checking user password aging:
AUTH-9288:test:security:authentication::Checking for expired passwords:
AUTH-9304:test:security:authentication:Solaris:Check single user login configuration:
diff --git a/include/tests_authentication b/include/tests_authentication
index a3c97bff..6186881a 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -927,8 +927,8 @@
#################################################################################
#
# Test : AUTH-9284
- # Description : Search locked accounts
- Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking locked accounts"
+ # Description : Check locked user accounts in /etc/passwd
+ Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check locked user accounts in /etc/passwd"
if [ "${SKIPTEST}" -eq 0 ]; then
LogText "Test: Checking locked accounts"
NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' /etc/passwd | sort | uniq)
@@ -946,11 +946,11 @@
for account in ${FIND3}; do
if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}" > /dev/null ; then
LogText "Locked account: ${account}"
- Report "locked_account=${account}"
+ Report "locked_account[]=${account}"
fi
done
Display --indent 2 --text "- Locked accounts" --result "${STATUS_WARNING}" --color RED
- ReportWarning "${TEST_NO}" "Found locked accounts"
+ ReportSuggestion "${TEST_NO}" "Look at the locked accounts and consider removing them"
fi
fi
#
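Review bot: The membership test `grep -w "${account}"` inside the loop reads the account name as a regular expression and matches on word boundaries, so `locked_account[]` can list accounts that are not in `NON_SYSTEM_ACCOUNTS`. For example (constructed), a locked system account `backup` would match a non-system entry `backup-admin`, and a `.` in a name matches any character. A fixed-string, whole-line match avoids both: `if echo "${NON_SYSTEM_ACCOUNTS}" | grep -Fxq -- "${account}"; then`. Separately, the finding is now a `ReportSuggestion` while the `Display` line still prints `${STATUS_WARNING}` in RED, so screen output and report disagree on severity. The enclosing `if` that guards the loop starts outside this hunk, so it is not visible whether the suggestion is also raised when no locked account passes the filter.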