diff options
author | Michael Boelen <michael@cisofy.com> | 2015-09-07 12:19:40 +0300 |
---|---|---|
committer | Michael Boelen <michael@cisofy.com> | 2015-09-07 12:19:40 +0300 |
commit | f471bf9d9625e01dc3e79b4aa28d831f20b171ed (patch) | |
tree | 41ababe7d90c074b947a73014fc0f9d88e63beab /include/tests_authentication | |
parent | 5165e57b86ec3ec631d14a3e9c0a1e82a8a426c5 (diff) | |
parent | 0e97f7936fb522c82c0cb1566e01dfa105fe1de4 (diff) |
Merge pull request #70 from kboratynski/auth-9407
Wrote 'AUTH-9407' - logging failed login attempts.
Diffstat (limited to 'include/tests_authentication')
-rw-r--r-- | include/tests_authentication | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index acf866b2..79c1b94c 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -1078,6 +1078,27 @@ # ################################################################################# # + # Test : AUTH-9407 + # Description : Logging failed login attempts + if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no AUTH-9407 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Logging failed login attempts" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: Checking FAILLOG_ENAB option in /etc/login.defs " + FIND=`grep "^FAILLOG_ENAB" /etc/login.defs | awk '{ if ($1=="FAILLOG_ENAB") { print $2 } }'` + if [ "${FIND}" = "" -o "${FIND}" = "no" ]; then + logtext "Result: failed login attempts are not logged" + Display --indent 2 --text "- Logging failed login attempts" --result DISABLED --color YELLOW + ReportSuggestion ${TEST_NO} "Configure failed login attempts to be logged in /var/log/faillog" + AddHP 0 1 + else + logtext "Result: failed login attempts are logged in /var/log/faillog" + Display --indent 2 --text "- Logging failed login attempts" --result OK --color GREEN + AddHP 3 3 + fi + fi +# +################################################################################# +# report "auth_failed_logins_logged=${AUTH_FAILED_LOGINS_LOGGED}" report "ldap_auth_enabled=${LDAP_AUTH_ENABLED}" |