debian-cis/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh

33 lines
1.0 KiB
Bash
Raw Permalink Normal View History

# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
local test_user="testetcpasswduser"
2020-12-04 14:08:01 +01:00
describe Tests purposely failing
useradd "$test_user"
sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd
register_test retvalshouldbe 1
register_test contain "Some accounts have a legacy password entry"
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "All accounts have a valid password entry format"
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# cleanup
groupdel $test_user
useradd "$test_user"
userdel "$test_user"
}