author | jirib <46245+jirib@users.noreply.github.com> | 2019-03-05 21:03:44 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-03-05 21:03:44 +0300 |
commit | 0dafe4a02b494e0c94c3d1b89e9e9791e2fde63d (patch) | |
tree | 11d2235a3d636af9ee62f0e5bb5612d890170edd /include/tests_authentication | |
parent | 06bf77cb3052c7417b6fe44e70428b36da68c031 (diff) |
better OpenBSD support (#641)
Diffstat (limited to 'include/tests_authentication')
-rw-r--r-- | include/tests_authentication | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/include/tests_authentication b/include/tests_authentication
index e0571a49..fe8ece41 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -1390,6 +1390,50 @@
 #
 #################################################################################
 #
+ # Test : AUTH-9409
+ # Description : Check for doas file
+ DOAS_FILE=""
+ Register --test-no AUTH-9409 --os OpenBSD --weight L --network NO --category security --description "Checking /etc/doas.conf file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ LogText "Test: checking presence /etc/doas.conf"
+ if [ -f /etc/doas.conf ]; then
+ DOAS_FILE=/etc/doas.conf
+ FOUND=1
+ LogText "Result: file /etc/doas.conf found"
+ else
+ LogText "Result: file /etc/doas.conf not found"
+ fi
+ if [ ${FOUND} -eq 1 ]; then
+ LogText "Result: /etc/doas.conf file found"
+ Display --indent 2 --text "- doas file" --result "${STATUS_FOUND}" --color GREEN
+ else
+ LogText "Result: doas file NOT found"
+ Display --indent 2 --text "- doas file" --result "${STATUS_NOT_FOUND}" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9410
+ # Description : Check for doas file permissions
+ if [ ! -z "${DOAS_FILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9410 --os OpenBSD --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/doas.conf file permissions"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: checking /etc/doas.conf permissions"
+ FIND=$(ls -l ${DOAS_FILE} | ${CUTBINARY} -c 2-10)
+ LogText "Result: Found /etc/doas.conf file permissions: ${FIND}"
+ if [ "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "r--r-----" ]; then
+ LogText "Result: file /etc/doas.conf has correct permissions"
+ Display --indent 4 --text "- Check doas file permissions" --result "${STATUS_OK}" --color GREEN
+ else
+ LogText "Result: file has possibly unsafe file permissions"
+ Display --indent 4 --text "- Check doas file permissions" --result "${STATUS_WARNING}" --color RED
+ fi
+ fi
+#
+#################################################################################
+#
 Report "auth_failed_logins_logged=${AUTH_FAILED_LOGINS_LOGGED}"
 Report "ldap_auth_enabled=${LDAP_AUTH_ENABLED}" |
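Review bot: AUTH-9410 judges /etc/doas.conf on its mode string alone, and the accepted list includes the group-writable `rw-rw----`. A file owned by a non-root user, or writable by an unprivileged group, is therefore still reported as `${STATUS_OK}`, although anyone who can write this file controls the privilege-escalation rules. The test should also confirm ownership before reporting OK, for example by reading the numeric uid and gid columns of `ls -ln "${DOAS_FILE}"` and requiring uid 0, and by accepting `rw-rw----` only when the group is a privileged one. Separately, `DOAS_FILE` is assigned only inside AUTH-9409's `if [ ${SKIPTEST} -eq 0 ]` body, so when that test is skipped the permission check is presumably skipped too, even if the file exists. Testing `[ -f /etc/doas.conf ]` directly in the AUTH-9410 prerequisite line would decouple them, and the `${DOAS_FILE}` argument to `ls -l` should be quoted.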