author | Zach Crownover <zachary.crownover@gmail.com> | 2016-11-19 15:39:57 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-11-19 15:39:57 +0300 |
commit | 659d3e42c5dcc6a60dff5f1e2301064132d98c45 (patch) | |
tree | a7f30b0e5654ca25c99cd722ec549fc6c06a3979 /include/tests_authentication | |
parent | 483a45e50684ae80edc278f685ea28a390a2047f (diff) |
Improve DragonFly support (#329)
* Update facter location for BSDs
BSDs tend to place third party binaries in /usr/local rather than /usr
* Add support for DragonFly boot loader detection
DragonFly BSD has the same file paths for the bootloader as FreeBSD
* Add kernel module checking for DragonFly
DragonFly BSD checks kernel modules the same way as FreeBSD
* Add DragonFly check for login shells
DragonFly's login files are the same as FreeBSD's
* Add HAMMER PFS Detection
All PFS mounts in HAMMER systems for DragonFly will be detected now
Diffstat (limited to 'include/tests_authentication')
-rw-r--r-- | include/tests_authentication | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/include/tests_authentication b/include/tests_authentication
index ab424aee..42426a2a 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -194,6 +194,50 @@
 #
 #################################################################################
 #
+ # Test : AUTH-9489
+ # Description : Check login shells for passwordless accounts
+ # Notes : Results should be checked
+ Register --test-no AUTH-9489 --os DragonFly --weight L --network NO --category security --description "Check login shells for passwordless accounts"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ LogText "Test: Checking login shells"
+ if [ -f /etc/master.passwd ]; then
+ # Check for all shells, except: (/usr)/sbin/nologin /nonexistent
+ FIND=`${GREPBINARY} "[a-z]:\*:" /etc/master.passwd | ${EGREPBINARY} -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | ${SEDBINARY} 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN
+ else
+ Display --indent 2 --text "- Login shells" --result "${STATUS_WARNING}" --color RED
+ for LINE in ${FIND}; do
+ LINE=$(echo ${LINE} | ${SEDBINARY} 's/!space!/ /g')
+ SHELL=$(echo ${LINE} | ${AWKBINARY} -F: '{ print $10 }')
+ LogText "Output: ${LINE}"
+ if [ -z "${SHELL}" ]; then
+ LogText "Result: found no shell on line"
+ else
+ LogText "Result: found possible harmful shell ${SHELL}"
+ if [ -f ${SHELL} ]; then
+ LogText "Result: shell ${SHELL} does exist"
+ FOUND=1
+ else
+ LogText "Result: shell ${SHELL} does not exist"
+ ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${SHELL} does not exist"
+ fi
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ ReportWarning ${TEST_NO} "Possible harmful shell found (for passwordless account!)"
+ fi
+ fi
+ else
+ Display --indent 2 --text "- Login shells" --result "${STATUS_SKIPPED}" --color WHITE
+ LogText "Result: No /etc/master.passwd file found"
+ fi
+ unset LINE SHELL
+ fi
+#
+#################################################################################
+#
 # Test : AUTH-9222
 # Description : Check unique group IDs
 Register --test-no AUTH-9222 --weight L --network NO --category
security --description "Check unique groups (IDs)" |
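Review bot: The exclusion filter on the `FIND=` line matches `/nonexistent` and `nologin` anywhere in the entry, so an account whose home directory is `/nonexistent` but whose shell is a real binary is dropped before its shell is inspected; the `[a-z]:\*:` pattern likewise skips account names that end in a digit or underscore. Selecting on the fields themselves would close both gaps, e.g. `FIND=$(${AWKBINARY} -F: '$1 !~ /^#/ && $2 == "*" && $10 !~ /^((\/usr)?\/sbin\/nologin|\/nonexistent)$/' /etc/master.passwd | ${SEDBINARY} 's/ /!space!/g')`. The loop also assigns to and then unsets `SHELL`, which is the environment variable that later child processes may read, so a private name such as `USER_SHELL` would be safer, and `[ -f ${SHELL} ]` should quote its operand. A `*` in the password field normally means password login is disabled rather than that the password is empty, so the "passwordless account" wording in the description and warning is worth rechecking.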