From bd6e1d5d395536963a5d66a95c147435cd7d914b Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Thu, 22 Oct 2020 14:17:01 +0200
Subject: Include AUTH-9284 and minor changes

---
 CHANGELOG.md                 | 1 +
 db/tests.db                  | 1 +
 include/tests_authentication | 8 ++++----
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index edb1f41e..69123178 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Lynis 3.0.2 (not released yet)
 
 ### Added
+- AUTH-9284 - Scan for locked user accounts in /etc/passwd
 - Detection of Flatcar, Mageia, ROSA Linux, SLES (extended), Void Linux, Zorin OS
 - Alpine, macOS and Mageia EOL dates
 
diff --git a/db/tests.db b/db/tests.db
index 26fc8f87..6efe1a1a 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -37,6 +37,7 @@ AUTH-9268:test:security:authentication::Checking presence pam.d files:
 AUTH-9278:test:security:authentication::Checking LDAP pam status:
 AUTH-9282:test:security:authentication::Checking password protected account without expire date:
 AUTH-9283:test:security:authentication::Checking accounts without password:
+AUTH-9284:test:security:authentication::Checking locked user accounts in /etc/passwd:
 AUTH-9286:test:security:authentication::Checking user password aging:
 AUTH-9288:test:security:authentication::Checking for expired passwords:
 AUTH-9304:test:security:authentication:Solaris:Check single user login configuration:
diff --git a/include/tests_authentication b/include/tests_authentication
index a3c97bff..6186881a 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -927,8 +927,8 @@
 #################################################################################
 #
     # Test        : AUTH-9284
-    # Description : Search locked accounts
-    Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking locked accounts"
+    # Description : Check locked user accounts in /etc/passwd
+    Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check locked user accounts in /etc/passwd"
     if [ "${SKIPTEST}" -eq 0 ]; then
         LogText "Test: Checking locked accounts"
         NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' /etc/passwd | sort | uniq)
@@ -946,11 +946,11 @@
             for account in ${FIND3}; do
                 if echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}" > /dev/null ; then
                     LogText "Locked account: ${account}"
-                    Report "locked_account=${account}"
+                    Report "locked_account[]=${account}"
                 fi
             done
             Display --indent 2 --text "- Locked accounts" --result "${STATUS_WARNING}" --color RED
-            ReportWarning "${TEST_NO}" "Found locked accounts"
+            ReportSuggestion "${TEST_NO}" "Look at the locked accounts and consider removing them"
         fi
     fi
 #
-- 
cgit v1.2.3