
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2017-03-01 18:28:05 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-03-01 18:28:05 +0300
commit2c566516981531e814158fead285161ad996d083 (patch)
tree083be1cbda04d65c768c505242709227c2243cce /plugins
parent295fe93ca64db785c280c9a9d4479ef56d91f87f (diff)
Added PLGN-0008 to parse /etc/security/pwquality.conf
Diffstat (limited to 'plugins')
-rw-r--r--plugins/plugin_pam_phase149
1 files changed, 45 insertions, 4 deletions
diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1
index e7c706a4..e558031e 100644
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@@ -6,21 +6,62 @@
#-----------------------------------------------------
# PLUGIN_AUTHOR=Michael Boelen <michael.boelen@cisofy.com>
# PLUGIN_CATEGORY=authentication
-# PLUGIN_DATE=2015-10-21
+# PLUGIN_DATE=2017-03-01
# PLUGIN_DESC=PAM
# PLUGIN_NAME=pam
# PLUGIN_PACKAGE=all
# PLUGIN_REQUIRED_TESTS=
-# PLUGIN_VERSION=1.0.0
+# PLUGIN_VERSION=1.0.1
#-----------------------------------------------------
#########################################################################
#
+ # Variables
MAX_PASSWORD_RETRY=""
+ PAM_DIRECTORY="${ROOTDIR}etc/pam.d"
+
+ # Test : PLGN-0008
+ # Description : Check PAM configuration
+ FILE="${ROOTDIR}etc/security/pwquality.conf"
+ if [ -f ${FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PLGN-0008 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PAM configuration (pwquality.conf)" --progress
+ if [ ${SKIPTEST} -eq 0 ]; then
+ for LINE in $(${GREPBINARY} -v "^#" ${FILE} | ${TRBINARY} -d " "); do
+ for I in ${LINE}; do
+ OPTION=$(echo ${I} | awk -F= '{ print $1 }')
+ VALUE=$(echo ${I} | awk -F= '{ print $2 }')
+ case ${OPTION} in
+ minlen)
+ DigitsOnly ${VALUE}
+ MIN_PASSWORD_LENGTH=${VALUE}
+ ;;
+ retry)
+ DigitsOnly ${VALUE}
+ MAX_PASSWORD_RETRY=${VALUE}
+ ;;
+ minclass)
+ MIN_PASSWORD_CLASS=${VALUE}
+ ;;
+ dcredit)
+ CREDITS_D_PASSWORD=${VALUE}
+ ;;
+ lcredit)
+ CREDITS_L_PASSWORD=${VALUE}
+ ;;
+ ocredit)
+ CREDITS_O_PASSWORD=${VALUE}
+ ;;
+ ucredit)
+ CREDITS_U_PASSWORD=${VALUE}
+ ;;
+ esac
+ done
+ done
+ fi
+
- PAM_DIRECTORY="/etc/pam.d"
# Test : PLGN-0010
# Description : Check PAM configuration
- if [ -f /etc/pam.conf -o -d /etc/pam.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ -f ${ROOTDIR}etc/pam.conf -o -d ${ROOTDIR}etc/pam.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PLGN-0010 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PAM configuration" --progress
if [ ${SKIPTEST} -eq 0 ]; then
FOUNDPROBLEM=0
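Review bot: The PLGN-0008 parser strips only spaces (`${TRBINARY} -d " "`), so a pwquality.conf line written with tabs around `=` is word-split by the unquoted `for LINE in $(...)` into separate tokens. `minlen` or `retry` is then matched with an empty VALUE, and the audit would carry a blank password-policy setting. Deleting tabs as well, `${TRBINARY} -d ' \t'`, keeps each `option=value` pair in one token. Only `minlen` and `retry` are passed through `DigitsOnly`, and the hunk does not show its result being checked before the assignment. `minclass` and the four `*credit` values are stored exactly as read, so I would add a comment such as `# credit values may be negative; validate as a signed integer before use`, with a matching check, above those case arms.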