diff options
| author | danielorihuelarodriguez@gmail.com <danielorihuelarodriguez@gmail.com> | 2020-08-23 20:54:59 +0300 |
|---|---|---|
| committer | danielorihuelarodriguez@gmail.com <danielorihuelarodriguez@gmail.com> | 2020-08-23 20:54:59 +0300 |
| commit | c857ee7cf2c3e11b37c84d41e50f7f39806a4a4f (patch) | |
| tree | 54eea164dc01b83d86a9eb3efc1ddefc321b5a1f /include/tests_authentication | |
| parent | 6bad6b058bcdcfd536bad57f05470304b9020b6f (diff) | |
fix: take into account unlocked system accounts
Diffstat (limited to 'include/tests_authentication')
| -rw-r--r-- | include/tests_authentication | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index 48877a35..27b6b29f 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -931,17 +931,22 @@ Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking locked accounts" if [ "${SKIPTEST}" -eq 0 ]; then LogText "Test: Checking locked accounts" - SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 <= 999 || $3 == 65534 {print $1}' /etc/passwd | sort | uniq) - if [ "${FIND3}" = "${SYSTEM_ACCOUNTS}" ]; then + NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' /etc/passwd | sort | uniq) + LOCKED_NON_SYSTEM_ACCOUNTS=0 + for account in ${FIND3};do + if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}" > /dev/null ; then + LOCKED_NON_SYSTEM_ACCOUNTS=$((LOCKED_NON_SYSTEM_ACCOUNTS+1)) + fi + done + if [ $LOCKED_NON_SYSTEM_ACCOUNTS -eq 0 ]; then LogText "Result: all accounts seem to be unlocked" Display --indent 2 --text "- Locked accounts" --result "${STATUS_OK}" --color GREEN else LogText "Result: found one or more locked accounts" - NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' /etc/passwd | sort | uniq) - for I in ${FIND3}; do - if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${I}" > /dev/null ; then - LogText "Locked account: ${I}" - Report "locked_account=${I}" + for account in ${FIND3}; do + if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}" > /dev/null ; then + LogText "Locked account: ${account}" + Report "locked_account=${account}" fi done Display --indent 2 --text "- Locked accounts" --result "${STATUS_WARNING}" --color RED |