Merge pull request #70 from kboratynski/auth-9407

Wrote 'AUTH-9407' - logging failed login attempts.

1 files changed, 21 insertions, 0 deletions

diff --git a/include/tests_authentication b/include/tests_authentication
index acf866b2..79c1b94c 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -1078,6 +1078,27 @@
 #
 #################################################################################
 #
+    # Test        : AUTH-9407
+    # Description : Logging failed login attempts
+    if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no AUTH-9407 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Logging failed login attempts"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: Checking FAILLOG_ENAB option in /etc/login.defs "
+        FIND=`grep "^FAILLOG_ENAB" /etc/login.defs | awk '{ if ($1=="FAILLOG_ENAB") { print $2 } }'`
+        if [ "${FIND}" = "" -o "${FIND}" = "no" ]; then
+            logtext "Result: failed login attempts are not logged"
+            Display --indent 2 --text "- Logging failed login attempts" --result DISABLED --color YELLOW
+            ReportSuggestion ${TEST_NO} "Configure failed login attempts to be logged in /var/log/faillog"
+            AddHP 0 1
+          else
+            logtext "Result: failed login attempts are logged in /var/log/faillog"
+            Display --indent 2 --text "- Logging failed login attempts" --result OK --color GREEN
+            AddHP 3 3
+        fi
+    fi
+#
+#################################################################################
+#
 
 report "auth_failed_logins_logged=${AUTH_FAILED_LOGINS_LOGGED}"
 report "ldap_auth_enabled=${LDAP_AUTH_ENABLED}"