
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'include/tests_authentication')
-rw-r--r--include/tests_authentication404
1 files changed, 202 insertions, 202 deletions
diff --git a/include/tests_authentication b/include/tests_authentication
index a14d62ee..9e4d36db 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -194,18 +194,18 @@
# Description : Check for non unique groups
Register --test-no AUTH-9222 --weight L --network NO --description "Check for non unique groups"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking for non unique group ID's in /etc/group"
- FIND=`cat /etc/group | grep -v '^#' | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d`
- if [ "${FIND}" = "" ]; then
- Display --indent 2 --text "- Checking non unique group ID's..." --result OK --color GREEN
- logtext "Result: All group ID's are unique"
- else
- Display --indent 2 --text "- Checking non unique group ID's..." --result WARNING --color RED
- logtext "Result: Found the same group ID multiple times"
- logtext "Output: ${FIND}"
- ReportWarning ${TEST_NO} "H" "Found multiple groups with same group ID"
- ReportSuggestion ${TEST_NO} "Check your /etc/group file and correct inconsistencies"
- fi
+ logtext "Test: Checking for non unique group ID's in /etc/group"
+ FIND=`cat /etc/group | grep -v '^#' | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking non unique group ID's..." --result OK --color GREEN
+ logtext "Result: All group ID's are unique"
+ else
+ Display --indent 2 --text "- Checking non unique group ID's..." --result WARNING --color RED
+ logtext "Result: Found the same group ID multiple times"
+ logtext "Output: ${FIND}"
+ ReportWarning ${TEST_NO} "H" "Found multiple groups with same group ID"
+ ReportSuggestion ${TEST_NO} "Check your /etc/group file and correct inconsistencies"
+ fi
fi
#
#################################################################################
@@ -277,17 +277,17 @@
if [ -x /usr/sbin/pwck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9230 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking password file consistency (pwck)"
- FIND=`/usr/sbin/pwck 2> /dev/null; echo $?`
- if [ "${FIND}" = "0" ]; then
- Display --indent 2 --text "- Checking password file consistency..." --result OK --color GREEN
- logtext "Result: pwck finished didn't find problems"
- else
- Display --indent 2 --text "- Checking password file consistency..." --result WARNING --color RED
- logtext "Result: pwck found one or more errors/warnings in the password file."
- ReportWarning ${TEST_NO} "M" "pwck found one or more errors/warnings in the password file"
- ReportSuggestion ${TEST_NO} "Run pwck manually and correct found issues."
- fi
+ logtext "Test: Checking password file consistency (pwck)"
+ FIND=`/usr/sbin/pwck 2> /dev/null; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 2 --text "- Checking password file consistency..." --result OK --color GREEN
+ logtext "Result: pwck finished didn't find problems"
+ else
+ Display --indent 2 --text "- Checking password file consistency..." --result WARNING --color RED
+ logtext "Result: pwck found one or more errors/warnings in the password file."
+ ReportWarning ${TEST_NO} "M" "pwck found one or more errors/warnings in the password file"
+ ReportSuggestion ${TEST_NO} "Run pwck manually and correct found issues."
+ fi
fi
#
#################################################################################
@@ -342,7 +342,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Read real system users (including root user) from /etc/passwd..."
FIND=""
-
+
if [ "${OS}" = "FreeBSD" ]; then
logtext "FreeBSD real users output (ID > 1000, but not 65534):"
FIND=`awk -F: '($3 > 1000) && ($3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd`
@@ -377,25 +377,25 @@
# Description : Query NIS+ authentication support
Register --test-no AUTH-9240 --weight L --network NO --description "Query NIS+ authentication support"
if [ ${SKIPTEST} -eq 0 ]; then
- if [ -f /etc/nsswitch.conf ]; then
- FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nisplus"`
- if [ "${FIND}" = "" ]; then
- logtext "Result: NIS+ authentication not enabled"
- Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
- else
- FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nisplus"`
- FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nisplus"`
- if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
- logtext "Result: NIS+ authentication enabled"
- Display --indent 2 --text "- Checking NIS+ authentication support" --result "ENABLED" --color GREEN
- else
- logtext "Result: NIS+ authentication not enabled"
- Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
- fi
- fi
- else
- logtext "Result: /etc/nsswitch.conf not found"
- fi
+ if [ -f /etc/nsswitch.conf ]; then
+ FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nisplus"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: NIS+ authentication not enabled"
+ Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
+ else
+ FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nisplus"`
+ FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nisplus"`
+ if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
+ logtext "Result: NIS+ authentication enabled"
+ Display --indent 2 --text "- Checking NIS+ authentication support" --result "ENABLED" --color GREEN
+ else
+ logtext "Result: NIS+ authentication not enabled"
+ Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
+ fi
+ fi
+ else
+ logtext "Result: /etc/nsswitch.conf not found"
+ fi
fi
#
#################################################################################
@@ -404,25 +404,25 @@
# Description : Query NIS authentication support
Register --test-no AUTH-9242 --weight L --network NO --description "Query NIS authentication support"
if [ ${SKIPTEST} -eq 0 ]; then
- if [ -f /etc/nsswitch.conf ]; then
- FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nis" | grep -v "nisplus"`
- if [ "${FIND}" = "" ]; then
- logtext "Result: NIS authentication not enabled"
- Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
- else
- FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
- FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
- if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
- logtext "Result: NIS authentication enabled"
- Display --indent 2 --text "- Checking NIS authentication support" --result "ENABLED" --color GREEN
- else
- logtext "Result: NIS authentication not enabled"
- Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
- fi
- fi
- else
- logtext "Result: /etc/nsswitch.conf not found"
- fi
+ if [ -f /etc/nsswitch.conf ]; then
+ FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nis" | grep -v "nisplus"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: NIS authentication not enabled"
+ Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
+ else
+ FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
+ FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
+ if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
+ logtext "Result: NIS authentication enabled"
+ Display --indent 2 --text "- Checking NIS authentication support" --result "ENABLED" --color GREEN
+ else
+ logtext "Result: NIS authentication not enabled"
+ Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
+ fi
+ fi
+ else
+ logtext "Result: /etc/nsswitch.conf not found"
+ fi
fi
#
#################################################################################
@@ -450,22 +450,22 @@
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
for I in ${SUDOERS_LOCATIONS}; do
- logtext "Test: checking presence ${I}"
- if [ -f ${I} ]; then
- FOUND=1
- SUDOERS_FILE="${I}"
- logtext "Result: found file (${SUDOERS_FILE})"
- else
- logtext "Result: file ${I} not found"
- fi
- done
- if [ ${FOUND} -eq 1 ]; then
- logtext "Result: sudoers file found (${SUDOERS_FILE})"
- Display --indent 2 --text "- Checking sudoers file" --result FOUND --color GREEN
- # YYY add more tests to audit sudoers file
- else
- logtext "Result: sudoers file NOT found"
- Display --indent 2 --text "- Checking sudoers file" --result "NOT FOUND" --color YELLOW
+ logtext "Test: checking presence ${I}"
+ if [ -f ${I} ]; then
+ FOUND=1
+ SUDOERS_FILE="${I}"
+ logtext "Result: found file (${SUDOERS_FILE})"
+ else
+ logtext "Result: file ${I} not found"
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ logtext "Result: sudoers file found (${SUDOERS_FILE})"
+ Display --indent 2 --text "- Checking sudoers file" --result FOUND --color GREEN
+ # YYY add more tests to audit sudoers file
+ else
+ logtext "Result: sudoers file NOT found"
+ Display --indent 2 --text "- Checking sudoers file" --result "NOT FOUND" --color YELLOW
fi
fi
#
@@ -476,16 +476,16 @@
if [ ! "${SUDOERS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9252 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check sudoers file"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: checking sudoers file (${SUDOERS_FILE}) permissions"
- FIND=`ls -l ${SUDOERS_FILE} | cut -c 2-10`
- logtext "Result: Found file permissions: ${FIND}"
- if [ "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "r--r-----" ]; then
- logtext "Result: file ${SUDOERS_FILE} has correct permissions"
- Display --indent 4 --text "- Check sudoers file permissions" --result OK --color GREEN
- else
- logtext "Result: file has possibly unsafe file permissions"
- Display --indent 4 --text "- Check sudoers file permissions" --result WARNING --color RED
- fi
+ logtext "Test: checking sudoers file (${SUDOERS_FILE}) permissions"
+ FIND=`ls -l ${SUDOERS_FILE} | cut -c 2-10`
+ logtext "Result: Found file permissions: ${FIND}"
+ if [ "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "r--r-----" ]; then
+ logtext "Result: file ${SUDOERS_FILE} has correct permissions"
+ Display --indent 4 --text "- Check sudoers file permissions" --result OK --color GREEN
+ else
+ logtext "Result: file has possibly unsafe file permissions"
+ Display --indent 4 --text "- Check sudoers file permissions" --result WARNING --color RED
+ fi
fi
#
#################################################################################
@@ -494,16 +494,16 @@
# Description : Solaris test to check passwordless accounts
Register --test-no AUTH-9254 --os Solaris --weight L --network NO --description "Solaris passwordless accounts"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND=`logins -p | awk '{ print $1 }'`
- if [ "${FIND}" = "" ]; then
- logtext "Result: no passwordless accounts found"
- Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result OK --color GREEN
- else
- for I in ${FIND}; do
- ReportWarning ${TEST_NO} "H" "Found passwordless account (${I})"
- done
- Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result WARNING --color RED
- fi
+ FIND=`logins -p | awk '{ print $1 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no passwordless accounts found"
+ Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result OK --color GREEN
+ else
+ for I in ${FIND}; do
+ ReportWarning ${TEST_NO} "H" "Found passwordless account (${I})"
+ done
+ Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result WARNING --color RED
+ fi
fi
#
#################################################################################
@@ -624,25 +624,25 @@
# Description : Scan /etc/pam.conf file
Register --test-no AUTH-9264 --weight L --network NO --description "Checking presence pam.conf"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking file /etc/pam.conf"
- if [ -f /etc/pam.conf ]; then
- logtext "Result: file /etc/pam.conf exists"
- Display --indent 2 --text "- Checking PAM configuration files (pam.conf)" --result FOUND --color GREEN
- logtext "Test: searching PAM configuration files"
- FIND=`cat /etc/pam.conf | grep -v "^#" | grep -v "^$" | sed 's/ /!space!/g'`
- if [ "${FIND}" = "" ]; then
- logtext "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)"
- else
- logtext "Result: found one or more configuration lines"
- for I in ${FIND}; do
- I=`echo ${I} | sed 's/!space!/ /g'`
- logtext "Found line: ${I}"
- done
- fi
- else
- logtext "Result: file /etc/pam.conf could not be found"
- Display --indent 2 --text "- Checking PAM configuration file (pam.conf)" --result "NOT FOUND" --color WHITE
- fi
+ logtext "Test: Checking file /etc/pam.conf"
+ if [ -f /etc/pam.conf ]; then
+ logtext "Result: file /etc/pam.conf exists"
+ Display --indent 2 --text "- Checking PAM configuration files (pam.conf)" --result FOUND --color GREEN
+ logtext "Test: searching PAM configuration files"
+ FIND=`cat /etc/pam.conf | grep -v "^#" | grep -v "^$" | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)"
+ else
+ logtext "Result: found one or more configuration lines"
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found line: ${I}"
+ done
+ fi
+ else
+ logtext "Result: file /etc/pam.conf could not be found"
+ Display --indent 2 --text "- Checking PAM configuration file (pam.conf)" --result "NOT FOUND" --color WHITE
+ fi
fi
#
#################################################################################
@@ -651,19 +651,19 @@
# Description : Searching available PAM configurations (/etc/pam.d)
Register --test-no AUTH-9266 --weight L --network NO --description "Checking presence pam.d files"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking directory /etc/pam.d"
- if [ -d /etc/pam.d ]; then
- logtext "Result: directory /etc/pam.d exists"
- Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result FOUND --color GREEN
- logtext "Test: searching PAM configuration files"
- FIND=`find /etc/pam.d -type f -print | sort`
- for I in ${FIND}; do
- logtext "Found file: ${I}"
- done
- else
- logtext "Result: directory /etc/pam.d could not be found"
- Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result "NOT FOUND" --color WHITE
- fi
+ logtext "Test: Checking directory /etc/pam.d"
+ if [ -d /etc/pam.d ]; then
+ logtext "Result: directory /etc/pam.d exists"
+ Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result FOUND --color GREEN
+ logtext "Test: searching PAM configuration files"
+ FIND=`find /etc/pam.d -type f -print | sort`
+ for I in ${FIND}; do
+ logtext "Found file: ${I}"
+ done
+ else
+ logtext "Result: directory /etc/pam.d could not be found"
+ Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result "NOT FOUND" --color WHITE
+ fi
fi
#
#################################################################################
@@ -709,25 +709,25 @@
# Description : Search LDAP support in PAM files
Register --test-no AUTH-9278 --weight L --network NO --description "Checking LDAP pam status"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: checking presence /etc/pam.d/common-auth"
- if [ -f /etc/pam.d/common-auth ]; then
- logtext "Result: file /etc/pam.d/common-auth exists"
- logtext "Test: checking presence LDAP module"
- FIND=`cat /etc/pam.d/common-auth | grep "^auth" | grep "ldap"`
- if [ ! "${FIND}" = "" ]; then
- logtext "Result: LDAP module present"
- logtext "Output: ${FIND}"
- Display --indent 2 --text "- Checking LDAP module in PAM" --result FOUND --color GREEN
+ logtext "Test: checking presence /etc/pam.d/common-auth"
+ if [ -f /etc/pam.d/common-auth ]; then
+ logtext "Result: file /etc/pam.d/common-auth exists"
+ logtext "Test: checking presence LDAP module"
+ FIND=`cat /etc/pam.d/common-auth | grep "^auth" | grep "ldap"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: LDAP module present"
+ logtext "Output: ${FIND}"
+ Display --indent 2 --text "- Checking LDAP module in PAM" --result FOUND --color GREEN
LDAP_AUTH_ENABLED=1
LDAP_PAM_ENABLED=1
- else
- logtext "Result: LDAP module not found"
- Display --indent 2 --text "- Checking LDAP module in PAM" --result "NOT FOUND" --color WHITE
- # YYY display message when ldap is enabled in /etc/passwd, but not found in PAM
- fi
- else
- logtext "Result: file /etc/pam.d/common-auth not found, skipping test"
- fi
+ else
+ logtext "Result: LDAP module not found"
+ Display --indent 2 --text "- Checking LDAP module in PAM" --result "NOT FOUND" --color WHITE
+ # YYY display message when ldap is enabled in /etc/passwd, but not found in PAM
+ fi
+ else
+ logtext "Result: file /etc/pam.d/common-auth not found, skipping test"
+ fi
fi
#
#################################################################################
@@ -740,13 +740,13 @@
case ${LINUX_VERSION} in
"SuSE")
PREQS_MET="YES"
- FIND=`passwd -a -S | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
- FIND2=`passwd -a -S | awk '{ if ($2=="NP") print $1 }'`
+ FIND=`passwd -a -S 2> /dev/null | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
+ FIND2=`passwd -a -S 2> /dev/null | awk '{ if ($2=="NP") print $1 }'`
;;
*)
PREQS_MET="YES"
- FIND=`passwd --all --status | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
- FIND2=`passwd --all --status | awk '{ if ($2=="NP") print $1 }'`
+ FIND=`passwd --all --status 2> /dev/null | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
+ FIND2=`passwd --all --status 2> /dev/null | awk '{ if ($2=="NP") print $1 }'`
;;
esac
else
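Review bot: With stderr discarded on all four `passwd` calls, a failed call (unsupported option, or not running as root) leaves `FIND` and `FIND2` empty, which is the same value a clean system produces. `PREQS_MET="YES"` is set unconditionally in both branches, so the code after this hunk presumably reports no never-expiring and no passwordless accounts in that case, a false negative for an audit check. Running the command once per branch, keeping its exit status, and deriving both lists from the captured output would separate "nothing found" from "could not check", and also avoids reading the account database twice. The enclosing `if` and the rest of the test lie outside the hunk, so whether `PREQS_MET="NO"` is the right signal there needs confirming.

```shell
"SuSE")
    PREQS_MET="YES"
    PASSWD_STATUS=`passwd -a -S 2> /dev/null` || PREQS_MET="NO"
;;
*)
    PREQS_MET="YES"
    PASSWD_STATUS=`passwd --all --status 2> /dev/null` || PREQS_MET="NO"
;;
esac
# Both lists come from the same snapshot of the status output
FIND=`echo "${PASSWD_STATUS}" | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
FIND2=`echo "${PASSWD_STATUS}" | awk '{ if ($2=="NP") print $1 }'`
```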
@@ -803,20 +803,20 @@
if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9286 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking user password aging"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PASS_MAX_DAYS option in /etc/login.defs "
- FIND=`grep "^PASS_MAX_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MAX_DAYS") { print $2 } }'`
- if [ "${FIND}" = "" -o "${FIND}" = "99999" ]; then
- # YYY check if LDAP is used with password policies
- logtext "Result: password aging limits are not configured"
- Display --indent 2 --text "- Checking user password aging" --result DISABLED --color YELLOW
- ReportSuggestion ${TEST_NO} "Configure password aging limits to enforce password changing on a regular base"
- AddHP 0 1
- else
- logtext "Result: accounts with password aging set are checked against PASS_MAX_DAYS"
- logtext "Result: value of PASS_MAX_DAYS is ${FIND}"
- Display --indent 2 --text "- Checking user password aging" --result OK --color GREEN
- AddHP 3 3
- fi
+ logtext "Test: Checking PASS_MAX_DAYS option in /etc/login.defs "
+ FIND=`grep "^PASS_MAX_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MAX_DAYS") { print $2 } }'`
+ if [ "${FIND}" = "" -o "${FIND}" = "99999" ]; then
+ # YYY check if LDAP is used with password policies
+ logtext "Result: password aging limits are not configured"
+ Display --indent 2 --text "- Checking user password aging" --result DISABLED --color YELLOW
+ ReportSuggestion ${TEST_NO} "Configure password aging limits to enforce password changing on a regular base"
+ AddHP 0 1
+ else
+ logtext "Result: accounts with password aging set are checked against PASS_MAX_DAYS"
+ logtext "Result: value of PASS_MAX_DAYS is ${FIND}"
+ Display --indent 2 --text "- Checking user password aging" --result OK --color GREEN
+ AddHP 3 3
+ fi
fi
#
#################################################################################
@@ -831,24 +831,24 @@
# Notes : sulogin should be called from svm script (Solaris <10) in /etc/rcS.d (YYY)
Register --test-no AUTH-9304 --os Solaris --weight L --network NO --description "Check single user login configuration"
if [ ${SKIPTEST} -eq 0 ]; then
- # Check if file exists (Solaris 10 does not have this file by default)
- if [ -f /etc/default/sulogin ]; then
- logtext "Result: file /etc/default/sulogin exists"
- logtext "Test: checking presence PASSREQ=NO"
- FIND=`grep "^PASSREQ=NO" /etc/default/sulogin`
- if [ "${FIND}" = "" ]; then
- logtext "Result: option not present or configured to request a password at single user mode login"
- Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result OK --color GREEN
- AddHP 1 1
- else
- logtext "Result: option present, no password needed at single user mode login"
- Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result WARNING --color RED
- ReportWarning ${TEST_NO} "H" "No password needed for single user mode login"
- AddHP 0 1
- fi
- else
- logtext "Result: file /etc/default/sulogin does not exist"
- fi
+ # Check if file exists (Solaris 10 does not have this file by default)
+ if [ -f /etc/default/sulogin ]; then
+ logtext "Result: file /etc/default/sulogin exists"
+ logtext "Test: checking presence PASSREQ=NO"
+ FIND=`grep "^PASSREQ=NO" /etc/default/sulogin`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: option not present or configured to request a password at single user mode login"
+ Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result OK --color GREEN
+ AddHP 1 1
+ else
+ logtext "Result: option present, no password needed at single user mode login"
+ Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "H" "No password needed for single user mode login"
+ AddHP 0 1
+ fi
+ else
+ logtext "Result: file /etc/default/sulogin does not exist"
+ fi
fi
#
#################################################################################
@@ -860,25 +860,25 @@
# disabled a required login.
Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --description "Check single boot authentication"
if [ ${SKIPTEST} -eq 0 ]; then
- # Check if file exists
- logtext "Test: Searching /tcb/files/auth/system/default"
- if [ -f /tcb/files/auth/system/default ]; then
- logtext "Result: file /tcb/files/auth/system/default exists"
- logtext "Test: checking presence :d_boot_authenticate@:"
- FIND=`grep "^:d_boot_authenticate@" /tcb/files/auth/system/default`
- if [ "${FIND}" = "" ]; then
- logtext "Result: option not set, password is needed at boot"
- Display --indent 2 --text "- Checking HP-UX boot authentication" --result OK --color GREEN
- AddHP 1 1
- else
- logtext "Result: option present, no password needed at single user mode login"
- Display --indent 2 --text "- Checking HP-UX boot authentication" --result SUGGESTION --color YELLOW
- ReportSuggestion ${TEST_NO} "Set password for system boot"
- AddHP 0 1
- fi
- else
- logtext "Result: file /tcb/files/auth/system/default does not exist"
- fi
+ # Check if file exists
+ logtext "Test: Searching /tcb/files/auth/system/default"
+ if [ -f /tcb/files/auth/system/default ]; then
+ logtext "Result: file /tcb/files/auth/system/default exists"
+ logtext "Test: checking presence :d_boot_authenticate@:"
+ FIND=`grep "^:d_boot_authenticate@" /tcb/files/auth/system/default`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: option not set, password is needed at boot"
+ Display --indent 2 --text "- Checking HP-UX boot authentication" --result OK --color GREEN
+ AddHP 1 1
+ else
+ logtext "Result: option present, no password needed at single user mode login"
+ Display --indent 2 --text "- Checking HP-UX boot authentication" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Set password for system boot"
+ AddHP 0 1
+ fi
+ else
+ logtext "Result: file /tcb/files/auth/system/default does not exist"
+ fi
fi
#
#################################################################################