diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2020-04-03 10:48:39 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-03 10:48:39 +0300 |
| commit | 52884792968547d6ae381c1e6bdcc156d1c32af9 (patch) | |
| tree | 7a3639f86a7be5b7b9b41aa2419dd55a2c636816 /include/tests_authentication | |
| parent | e2ad71ffe5907dcce88ca3511b8db904b82b574c (diff) | |
| parent | ac7ad92f227c5302ef46bee7d34fbf07dcf364b7 (diff) | |
Merge pull request #899 from bginsbach/auth-9218
AUTH-9218 Improvements
Diffstat (limited to 'include/tests_authentication')
| -rw-r--r-- | include/tests_authentication | 46 |
1 files changed, 1 insertions, 45 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index a0402042..bf8cabe8 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -157,51 +157,7 @@ # Test : AUTH-9218 # Description : Check login shells for passwordless accounts # Notes : Results should be checked - Register --test-no AUTH-9218 --os FreeBSD --weight L --network NO --category security --description "Check login shells for passwordless accounts" - if [ ${SKIPTEST} -eq 0 ]; then - FOUND=0 - LogText "Test: Checking login shells" - if [ -f ${ROOTDIR}etc/master.passwd ]; then - # Check for all shells, except: (/usr)/sbin/nologin /nonexistent - FIND=$(${GREPBINARY} "[a-z]:\*:" /etc/master.passwd | ${EGREPBINARY} -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | ${SEDBINARY} 's/ /!space!/g') - if [ "${FIND}" = "" ]; then - Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN - else - Display --indent 2 --text "- Login shells" --result "${STATUS_WARNING}" --color RED - for LINE in ${FIND}; do - LINE=$(echo ${LINE} | ${SEDBINARY} 's/!space!/ /g') - SHELL=$(echo ${LINE} | ${AWKBINARY} -F: '{ print $10 }') - LogText "Output: ${LINE}" - if [ -z "${SHELL}" ]; then - LogText "Result: found no shell on line" - else - LogText "Result: found possible harmful shell ${SHELL}" - if [ -f ${SHELL} ]; then - LogText "Result: shell ${SHELL} does exist" - FOUND=1 - else - LogText "Result: shell ${SHELL} does not exist" - ReportSuggestion "${TEST_NO}" "Determine if account is needed, as shell ${SHELL} does not exist" - fi - fi - done - if [ ${FOUND} -eq 1 ]; then - ReportWarning "${TEST_NO}" "Possible harmful shell found (for passwordless account!)" - fi - fi - else - Display --indent 2 --text "- Login shells" --result "${STATUS_SKIPPED}" --color WHITE - LogText "Result: No /etc/master.passwd file found" - fi - unset LINE SHELL - fi -# -################################################################################# -# - # Test : AUTH-9489 - # Description : Check login shells for passwordless accounts - # Notes : Results should be checked - Register --test-no AUTH-9489 --os DragonFly --weight L --network NO --category security --description "Check login shells for passwordless accounts" + Register --test-no AUTH-9218 --os "DragonFly FreeBSD NetBSD OpenBSD" --root-only YES --weight L --network NO --category security --description "Check login shells for passwordless accounts" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 LogText "Test: Checking login shells" |