debian-cis/tests/hardening/6.2.1_remove_empty_password_field.sh

31 lines
1014 B
Bash
Raw Normal View History

# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
local test_user="testemptypassworduser"
describe Tests purposely failing
useradd "$test_user"
sed -i "s/$test_user:\!/$test_user:/" /etc/shadow
register_test retvalshouldbe 1
register_test contain "Some accounts have an empty password"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "All accounts have a password"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# cleanup
userdel "$test_user"
}