author | Thomas Sjögren <konstruktoid@users.noreply.github.com> | 2020-03-24 13:44:14 +0300 |
---|---|---|
committer | Thomas Sjögren <konstruktoid@users.noreply.github.com> | 2020-03-24 13:44:14 +0300 |
commit | 5341fa7b29dbd32db32a11934d1b2eef3c022d72 (patch) | |
tree | dd65eac2eb59b528007c39da01e6682b482a2749 /include/tests_authentication | |
parent | 6818db5e127e732db432a119c9894c663995ed5e (diff) |
AUTH-9229 isnt related to login.defs, add AUTH-9230
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Diffstat (limited to 'include/tests_authentication')
-rw-r--r-- | include/tests_authentication | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/include/tests_authentication b/include/tests_authentication
index d8efe6e2..c5c71eee 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -382,13 +382,63 @@
 else
 Display --indent 2 --text "- Password hashing methods" --result "${STATUS_SUGGESTION}" --color YELLOW
 LogText "Result: poor password hashing methods found: ${FIND}"
- ReportSuggestion "${TEST_NO}" "Change ${ROOTDIR}etc/login.defs password ENCRYPT_METHOD and SHA_CRYPT_MIN_ROUNDS to more secure values, check also PAM configuration, expire passwords to encrypt with new values"
+ ReportSuggestion "${TEST_NO}" "Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values"
 AddHP 0 2
 fi
 fi
 #
 #################################################################################
 #
+ # Test : AUTH-9230
+ # Description : Check group password hashing rounds in login.defs
+ # Notes : Applicable to all Unix-like OS
+ PREQS_MET="NO"
+ if [ -f ${ROOTDIR}etc/login.defs ]; then
+ PREQS_MET="YES"
+ fi
+ Register --test-no AUTH-9230 --root-only NO --weight L --network NO --category security --description "Check group password hashing rounds"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: Checking SHA_CRYPT_MIN_ROUNDS option in ${ROOTDIR}etc/login.defs"
+ FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }')
+ if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
+ LogText "Result: number of minimum rounds used by the encryption algorithm is not configured"
+ Display --indent 2 --text "- Checking minimum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
+ ReportSuggestion "${TEST_NO}" "Configure minimum encryption algorithm rounds in /etc/login.defs"
+ AddHP 0 2
+ elif [ "${FIND}" -lt 5000 ]; then
+ LogText "Result: low number of minimum encryption algorithm rounds found: ${FIND}"
+ PASSWORD_MINIMUM_ROUNDS=${FIND}
+ Display --indent 2 --text "- Group password hashing rounds (minimum)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ AddHP 1 2
+ else
+ LogText "Result: number of encryption algorithm rounds is ${FIND}"
+ PASSWORD_MINIMUM_ROUNDS=${FIND}
+ Display --indent 2 --text "- Group password hashing rounds (minimum)" --result CONFIGURED --color GREEN
+ AddHP 2 2
+ fi
+
+ LogText "Test: Checking SHA_CRYPT_MAX_ROUNDS option in ${ROOTDIR}etc/login.defs"
+ FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }')
+ if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
+ LogText "Result: number of maximum rounds used by the encryption algorithm is not configured"
+ Display --indent 2 --text "- Checking maximum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
+ ReportSuggestion "${TEST_NO}" "Configure maximum encryption algorithm rounds in /etc/login.defs"
+ AddHP 0 2
+ elif [ "${FIND}" -lt 10000 ]; then
+ LogText "Result: low number of maximum encryption algorithm rounds found: ${FIND}"
+ PASSWORD_MINIMUM_ROUNDS=${FIND}
+ Display --indent 2 --text "- Group password hashing rounds (maximum)" --result "${STATUS_SUGGESTION}" --color YELLOW
+ AddHP 1 2
+ else
+ LogText "Result: number of encryption algorithm rounds is ${FIND}"
+ PASSWORD_MINIMUM_ROUNDS=${FIND}
+ Display --indent 2 --text "- Group password hashing rounds (maximum)" --result CONFIGURED --color GREEN
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
+#
 # Test : AUTH-9234
 # Description : Query user accounts
 # Notes : AIX: 100+ |
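Review bot: The SHA_CRYPT_MAX_ROUNDS half of AUTH-9230 stores its result in `PASSWORD_MINIMUM_ROUNDS` in both the `elif` and the `else` branch, overwriting the minimum recorded a few lines earlier; a separate variable such as `PASSWORD_MAXIMUM_ROUNDS=${FIND}` looks intended. `PREQS_MET` is set from the login.defs existence check but never handed to `Register`, so on a host without the file the test still runs and reports the rounds as not configured; adding `--preqs-met ${PREQS_MET}` to the Register line would skip it instead. A non-numeric value, or a key that appears twice in the file, makes `[ "${FIND}" -lt 5000 ]` (and the `-lt 10000` twin) fail with an error and fall through to `else`, so a malformed setting is displayed as CONFIGURED in green; a digits-only check on `${FIND}` before the comparison would avoid that false pass. The two low-rounds branches also change only the display and call no `ReportSuggestion`, so a weak value never reaches the report, and the two suggestion strings name `/etc/login.defs` where the rest of the test uses `${ROOTDIR}etc/login.defs`.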