diff options
| author | mboelen <michael@cisofy.com> | 2015-07-22 17:28:11 +0300 |
|---|---|---|
| committer | mboelen <michael@cisofy.com> | 2015-07-22 17:28:11 +0300 |
| commit | 66fb36959339c2b6b4594ca11ffdb0e279164e50 (patch) | |
| tree | 11c7135141b4933dd7b8a0a7f1558d4ca757a76d /include/tests_authentication | |
| parent | 1775590ba70ce52d6362141e395ecc1e80ddc4fa (diff) | |
Copyright line changes and cleanups
Diffstat (limited to 'include/tests_authentication')
| -rw-r--r-- | include/tests_authentication | 41 |
1 files changed, 2 insertions, 39 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index 442e20ab..b00ef5ad 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -389,7 +389,6 @@ if [ ${FOUND} -eq 1 ]; then logtext "Result: sudoers file found (${SUDOERS_FILE})" Display --indent 2 --text "- Checking sudoers file" --result FOUND --color GREEN - # YYY add more tests to audit sudoers file else logtext "Result: sudoers file NOT found" Display --indent 2 --text "- Checking sudoers file" --result "NOT FOUND" --color YELLOW @@ -590,7 +589,6 @@ else logtext "Result: LDAP module not found" Display --indent 2 --text "- Checking LDAP module in PAM" --result "NOT FOUND" --color WHITE - # YYY display message when ldap is enabled in /etc/passwd, but not found in PAM fi else logtext "Result: file /etc/pam.d/common-auth not found, skipping test" @@ -673,7 +671,6 @@ logtext "Test: Checking PASS_MAX_DAYS option in /etc/login.defs " FIND=`grep "^PASS_MAX_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MAX_DAYS") { print $2 } }'` if [ "${FIND}" = "" -o "${FIND}" = "99999" ]; then - # YYY check if LDAP is used with password policies logtext "Result: password aging limits are not configured" Display --indent 2 --text "- Checking user password aging" --result DISABLED --color YELLOW ReportSuggestion ${TEST_NO} "Configure password aging limits to enforce password changing on a regular base" @@ -690,7 +687,7 @@ # # Test : AUTH-9304 # Description : Check if single user mode login is properly configured in Solaris - # Notes : sulogin should be called from svm script (Solaris <10) in /etc/rcS.d (YYY) + # Notes : sulogin should be called from svm script (Solaris <10) in /etc/rcS.d Register --test-no AUTH-9304 --os Solaris --weight L --network NO --description "Check single user login configuration" if [ ${SKIPTEST} -eq 0 ]; then # Check if file exists (Solaris 10 does not have this file by default) @@ -791,7 +788,6 @@ AddHP 2 2 fi else - # YYY logtext "Result: No inittab or init file found, unsure if system is protected" fi fi @@ -1070,7 +1066,6 @@ Display --indent 6 --text "LDAP server: ${I}" logtext "Result: found LDAP server ${I}" report "ldap_server[]=${I}" - # YYY check if host(s) are reachable/respond to queries done else logtext "Result: ${I} does NOT exist" @@ -1080,38 +1075,6 @@ # ################################################################################# # - # Test : AUTH-92xx - # Description : login.access checks - #Register --test-no AUTH-92xx --weight L --network NO --description "login.access checks" -# -################################################################################# -# -# pam_unix.so -# pam_cracklib.so -# pam_pwcheck.so -# pam_env.so -# pam_xauth.so -# pam_tally.so -# pam_wheel.so -# pam_limits.so -# pam_nologin.so -# pam_deny.so -# pam_securetty.so -# pam_time.so -# pam_access.so -# pam_listfile.so -# pam_lastlog.so -# pam_warn.so -# pam_console.so -# pam_resmgr.so -# pam_devperm.so -# -################################################################################# -# -# sudoers: Check for potential harmful commands like vi, echo, cat -# -################################################################################# -# report "ldap_auth_enabled=${LDAP_AUTH_ENABLED}" report "ldap_pam_enabled=${LDAP_PAM_ENABLED}" @@ -1123,4 +1086,4 @@ wait_for_keypress # #================================================================================ -# Lynis - Copyright 2007-2015, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com |