
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'plugins/plugin_pam_phase1')
-rw-r--r--plugins/plugin_pam_phase123
1 files changed, 11 insertions, 12 deletions
diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1
index 2d890a1f..c67c9aee 100644
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@@ -6,12 +6,12 @@
#-----------------------------------------------------
# PLUGIN_AUTHOR=Michael Boelen <michael.boelen@cisofy.com>
# PLUGIN_CATEGORY=authentication
-# PLUGIN_DATE=2017-03-01
+# PLUGIN_DATE=2017-04-30
# PLUGIN_DESC=PAM
# PLUGIN_NAME=pam
# PLUGIN_PACKAGE=all
# PLUGIN_REQUIRED_TESTS=
-# PLUGIN_VERSION=1.0.1
+# PLUGIN_VERSION=1.0.2
#-----------------------------------------------------
#########################################################################
#
@@ -27,8 +27,8 @@
if [ ${SKIPTEST} -eq 0 ]; then
for LINE in $(${GREPBINARY} -v "^#" ${FILE} | ${TRBINARY} -d " "); do
for I in ${LINE}; do
- OPTION=$(echo ${I} | awk -F= '{ print $1 }')
- VALUE=$(echo ${I} | awk -F= '{ print $2 }')
+ OPTION=$(echo ${I} | ${AWKBINARY} -F= '{ print $1 }')
+ VALUE=$(echo ${I} | ${AWKBINARY} -F= '{ print $2 }')
case ${OPTION} in
minlen)
DigitsOnly ${VALUE}
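Review bot: On the two new `${AWKBINARY}` lines, `${I}` still reaches `echo` unquoted, so a token from the parsed file that contains glob characters, or that looks like an echo option, can be altered before awk splits it. Quoting it is enough here: `OPTION=$(echo "${I}" | ${AWKBINARY} -F= '{ print $1 }')`, and the same for `VALUE`. The hunk does not show where `AWKBINARY` is assigned. If binary discovery can leave it empty, both substitutions fail and the `case` below matches nothing, so the password-policy settings would go unreported rather than flagged. A guard or a `LogText` line for that case would keep the audit from under-reporting. The `case` statement continues outside the hunk.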
@@ -69,8 +69,7 @@
if [ -d ${PAM_DIRECTORY} ]; then
LogText "Result: /etc/pam.d exists"
FIND_FILES=$(find ${PAM_DIRECTORY} -type f -print)
- # First check /etc/pam.conf if it exists.
- #if [ -f /etc/pam.conf ]; then FIND="/etc/pam.conf ${FIND}"; fi
+
for PAM_FILE in ${FIND_FILES}; do
LogText "Now checking PAM file ${PAM_FILE}"
while read line; do
@@ -370,7 +369,7 @@ Report "authentication_two_factor_required=${PAM_2F_AUTH_ENABLED}"
if [ ! "${AUTH_UNLOCK_TIME}" = "-1" ]; then
LogText "[PAM] Authentication unlock time: ${AUTH_UNLOCK_TIME}"
Report "authentication_unlock_time=${AUTH_UNLOCK_TIME}"
- else
+else
LogText "[PAM] Authentication unlock time: not configured"
fi
@@ -383,7 +382,7 @@ fi
if [ ! "${MIN_PASSWORD_LENGTH}" = "-1" ]; then
LogText "[PAM] Minimum password length: ${MIN_PASSWORD_LENGTH}"
Report "minimum_password_length=${MIN_PASSWORD_LENGTH}"
- else
+else
LogText "[PAM] Minimum password length: not configured"
fi
@@ -395,7 +394,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then
# Show how many password class are required out of 4
LogText "[PAM] Minimum password class out of 4: ${MIN_PASSWORD_CLASS}"
Report "min_password_class=${MIN_PASSWORD_CLASS}"
- else
+ else
LogText "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced"
Report "min_password_class=ignored"
fi
@@ -445,7 +444,7 @@ fi
if [ ! -z "${MAX_PASSWORD_RETRY}" ]; then
LogText "[PAM] Password maximum retry: ${MAX_PASSWORD_RETRY}"
Report "max_password_retry=${MAX_PASSWORD_RETRY}"
- else
+else
LogText "[PAM] Password maximum retry: Not configured"
fi
@@ -460,7 +459,7 @@ if [ ${PAM_PASSWORD_PWHISTORY_ENABLED} -eq 1 ]; then
LogText "[PAM] Password history with pam_pwhistory enabled: ${PAM_PASSWORD_PWHISTORY_ENABLED}"
LogText "[PAM] Password history with pam_pwhistory amount: ${PAM_PASSWORD_PWHISTORY_AMOUNT}"
Report "password_history_amount=${PAM_PASSWORD_PWHISTORY_AMOUNT}"
- else
+else
LogText "[PAM] Password history with pam_pwhistory IS NOT enabled"
fi
@@ -468,7 +467,7 @@ if [ ${PAM_PASSWORD_UXHISTORY_ENABLED} -eq 1 ]; then
LogText "[PAM] Password history with pam_unix enabled: ${PAM_PASSWORD_UXHISTORY_ENABLED}"
LogText "[PAM] Password history with pam_unix amount: ${PAM_PASSWORD_UXHISTORY_AMOUNT}"
Report "password_history_amount=${PAM_PASSWORD_UXHISTORY_AMOUNT}"
- else
+else
LogText "[PAM] Password history with pam_unix IS NOT enabled"
fi