author | Michael Boelen <michael.boelen@cisofy.com> | 2020-10-22 15:13:34 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-22 15:13:34 +0300 |
commit | e67f786caae4da6accfc3dd96187841959a8b4a8 (patch) | |
tree | cd7a16cc7e5796ed255c41fb16f3018758443861 | |
parent | 0467df631460ec65e1b3a8dbd8875cce2715357c (diff) | |
parent | 5ca6b7ed7985d63bed1689121f7c4aad00fb53df (diff) |
Merge pull request #1009 from danielorihuela/feature/get-info-on-locked-accounts
[AUTH-9284] Feature: gather locked accounts info
-rw-r--r-- | include/tests_authentication | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/include/tests_authentication b/include/tests_authentication
index 274cd4f4..a3c97bff 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -859,23 +859,27 @@
 PREQS_MET="YES"
 FIND_P=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
 FIND2=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
+ FIND3=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }' | sort | uniq)
 ;;
 *)
 PREQS_MET="YES"
 FIND_P=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
 FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
+ FIND3=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }' | sort | uniq)
 ;;
 esac
 elif [ "${OS_REDHAT_OR_CLONE}" -eq 1 ]; then
 PREQS_MET="YES"
 FIND_P=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done)
 FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done)
+ FIND3=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="L" || $2=="LK") print $1 }' | sort | uniq ; done)
 else
 LogText "Result: skipping test for this Linux version"
 ReportManual "AUTH-9282:01"
 PREQS_MET="NO"
 FIND_P=""
 FIND2=""
+ FIND3=""
 fi
 else
 PREQS_MET="NO"
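Review bot: In the Red Hat branch the added `| sort | uniq` sits inside the `for` loop, so it runs once per account on a single line and never sorts or deduplicates the combined list the way the other two `FIND3` assignments do. Moving it after the loop gives the intended result: `... print $1 }' ; done | sort | uniq)`. The new `passwd -S "$I"` call also leaves stderr unredirected, unlike the `2> /dev/null` in the branches above, so an unprivileged run may print errors to the terminal; this matches the existing `FIND_P`/`FIND2` lines, so it may be deliberate. The enclosing `case`/`if` block starts and ends outside this hunk.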
@@ -922,6 +926,36 @@
 #
 #################################################################################
 #
+ # Test : AUTH-9284
+ # Description : Search locked accounts
+ Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking locked accounts"
+ if [ "${SKIPTEST}" -eq 0 ]; then
+ LogText "Test: Checking locked accounts"
+ NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' /etc/passwd | sort | uniq)
+ LOCKED_NON_SYSTEM_ACCOUNTS=0
+ for account in ${FIND3};do
+ if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}" > /dev/null ; then
+ LOCKED_NON_SYSTEM_ACCOUNTS=$((LOCKED_NON_SYSTEM_ACCOUNTS+1))
+ fi
+ done
+ if [ $LOCKED_NON_SYSTEM_ACCOUNTS -eq 0 ]; then
+ LogText "Result: all accounts seem to be unlocked"
+ Display --indent 2 --text "- Locked accounts" --result "${STATUS_OK}" --color GREEN
+ else
+ LogText "Result: found one or more locked accounts"
+ for account in ${FIND3}; do
+ if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}" > /dev/null ; then
+ LogText "Locked account: ${account}"
+ Report "locked_account=${account}"
+ fi
+ done
+ Display --indent 2 --text "- Locked accounts" --result "${STATUS_WARNING}" --color RED
+ ReportWarning "${TEST_NO}" "Found locked accounts"
+ fi
+ fi
+#
+#################################################################################
+#
 # Test : AUTH-9286
 # Description : Check user password aging
 # Notes : MIN = minimum age, avoid rotation of passwords too quickly |
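Review bot: The membership test `grep -w "${account}"` in both `for account in ${FIND3}` loops treats the name as a regular expression and matches on word boundaries, so a locked system account (for example one named `mail`) would match a regular user named `mail-admin` and be counted and reported as a locked user account. An exact fixed-string line match avoids that false positive: `if echo "${NON_SYSTEM_ACCOUNTS}" | grep -x -F -- "${account}" > /dev/null ; then`. The account list is also read from a literal `/etc/passwd`, where the earlier hunk reads `"${ROOTDIR}etc/passwd"`. The `$3 > 999` cut-off is hard-coded, which presumably misses regular users on systems configured with a lower minimum UID. A one-line comment above `NON_SYSTEM_ACCOUNTS` explaining the 999 and 65534 values would help the next reader.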