From 2c566516981531e814158fead285161ad996d083 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Wed, 1 Mar 2017 16:28:05 +0100
Subject: Added PLGN-0008 to parse /etc/security/pwquality.conf
---
 plugins/plugin_pam_phase1 | 49 +++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 4 deletions(-)
(limited to 'plugins')
diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1
index e7c706a4..e558031e 100644
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@@ -6,21 +6,62 @@
 #-----------------------------------------------------
 # PLUGIN_AUTHOR=Michael Boelen
 # PLUGIN_CATEGORY=authentication
-# PLUGIN_DATE=2015-10-21
+# PLUGIN_DATE=2017-03-01
 # PLUGIN_DESC=PAM
 # PLUGIN_NAME=pam
 # PLUGIN_PACKAGE=all
 # PLUGIN_REQUIRED_TESTS=
-# PLUGIN_VERSION=1.0.0
+# PLUGIN_VERSION=1.0.1
 #-----------------------------------------------------
 #########################################################################
 #
+ # Variables
 MAX_PASSWORD_RETRY=""
+ PAM_DIRECTORY="${ROOTDIR}etc/pam.d"
+
+ # Test : PLGN-0008
+ # Description : Check PAM configuration
+ FILE="${ROOTDIR}etc/security/pwquality.conf"
+ if [ -f ${FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PLGN-0008 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PAM configuration (pwquality.conf)" --progress
+ if [ ${SKIPTEST} -eq 0 ]; then
+ for LINE in $(${GREPBINARY} -v "^#" ${FILE} | ${TRBINARY} -d " "); do
+ for I in ${LINE}; do
+ OPTION=$(echo ${I} | awk -F= '{ print $1 }')
+ VALUE=$(echo ${I} | awk -F= '{ print $2 }')
+ case ${OPTION} in
+ minlen)
+ DigitsOnly ${VALUE}
+ MIN_PASSWORD_LENGTH=${VALUE}
+ ;;
+ retry)
+ DigitsOnly ${VALUE}
+ MAX_PASSWORD_RETRY=${VALUE}
+ ;;
+ minclass)
+ MIN_PASSWORD_CLASS=${VALUE}
+ ;;
+ dcredit)
+ CREDITS_D_PASSWORD=${VALUE}
+ ;;
+ lcredit)
+ CREDITS_L_PASSWORD=${VALUE}
+ ;;
+ ocredit)
+ CREDITS_O_PASSWORD=${VALUE}
+ ;;
+ ucredit)
+ CREDITS_U_PASSWORD=${VALUE}
+ ;;
+ esac
+ done
+ done
+ fi
+
- PAM_DIRECTORY="/etc/pam.d"
 # Test : PLGN-0010
 # Description : Check PAM configuration
- if [ -f /etc/pam.conf -o -d /etc/pam.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ -f ${ROOTDIR}etc/pam.conf -o -d ${ROOTDIR}etc/pam.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no PLGN-0010 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PAM configuration" --progress
 if [ ${SKIPTEST} -eq 0 ]; then
 FOUNDPROBLEM=0
--
cgit v1.2.3
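Review bot: In the new PLGN-0008 block, `for LINE in $(${GREPBINARY} -v "^#" ${FILE} | ${TRBINARY} -d " ")` expands the file's content unquoted, so any glob character in pwquality.conf is subject to pathname expansion and tab-separated settings are split into separate words before the `case` sees them. Wrapping the loop in `set -f` / `set +f`, deleting tabs as well (`${TRBINARY} -d " \t"`) and writing `echo "${I}"` would keep each `option=value` pair intact. Only `minlen` and `retry` pass through `DigitsOnly`, whose definition is outside this hunk, so `minclass` and the four `*credit` values are stored exactly as read, including any trailing `#` comment on the line. Because credit values can be negative, they would need a signed-integer check rather than `DigitsOnly`, and a value that fails the check is better logged than carried silently into later password-policy tests.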