elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-09-04 21:48:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add debian12 scripts

Browse Source 
- sudo_re_authenticate.sh 	-> 5.2.5
- pam_pwhistory_enabled.sh 	-> 5.3.2.4
- pam_faillock_enabled.sh	-> 5.3.2.2
This is an updated version of enable_lockout_failed_password.sh (renamed)

- pam_unix_enabled.sh  		-> 5.3.2.1
- password_failed_lockout.sh 	-> 5.3.3.1.1
- password_unlock_time.sh 	-> 5.3.3.1.2
- password_root_unlock.sh 	-> 5.3.3.1.3
This commit is contained in:
damien cavagnini
2025-08-08 16:12:00 +02:00
parent 1926758707
commit 37b4f5982e
17 changed files with 814 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tests/hardening/sudo_re_authenticate.sh Normal file
View File

@@ -0,0 +1,20 @@
# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
# shellcheck disable=2154
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe prepare failing test
echo "Defaults !authenticate" >/etc/sudoers.d/sudo_test
describe Running on blank host
register_test retvalshouldbe 1
# shellcheck disable=2154
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe clean test
rm -f /etc/sudoers.d/sudo_test
}