mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-21 18:23:42 +02:00
fix: invalid behavior on sid/alternative in 5.3.4/99.5.4.5.1 (#237)
This commit is contained in:
@ -49,7 +49,7 @@ apply() {
|
||||
ok "$CONF_LINE is present in $CONF_FILE"
|
||||
else
|
||||
warn "$CONF_LINE is not present in $CONF_FILE"
|
||||
if [ "$DEB_MAJ_VER" -ge "11" ]; then
|
||||
if [ "$DEB_MAJ_VER" = "sid" ] || [ "$DEB_MAJ_VER" -ge "11" ]; then
|
||||
add_line_file_before_pattern "$CONF_FILE" "password [success=1 default=ignore] pam_unix.so yescrypt" "# pam-auth-update(8) for details."
|
||||
else
|
||||
add_line_file_before_pattern "$CONF_FILE" "password [success=1 default=ignore] pam_unix.so sha512" "# pam-auth-update(8) for details."
|
||||
@ -67,12 +67,11 @@ check_config() {
|
||||
# We need to call this in the subs called by main.sh when it is sourced, otherwise it would
|
||||
# either be too soon (DEB_MAJ_VER not defined) or too late (test has already been run)
|
||||
_set_vars_jit() {
|
||||
if [ "$DEB_MAJ_VER" -ge "11" ]; then
|
||||
if [ "$DEB_MAJ_VER" = "sid" ] || [ "$DEB_MAJ_VER" -ge "11" ]; then
|
||||
CONF_LINE="^\s*password\s.+\s+pam_unix\.so\s+.*(sha512|yescrypt)" # https://github.com/ovh/debian-cis/issues/158
|
||||
else
|
||||
CONF_LINE="^\s*password\s.+\s+pam_unix\.so\s+.*sha512"
|
||||
fi
|
||||
unset -f _set_vars_jit
|
||||
}
|
||||
|
||||
# Source Root Dir Parameter
|
||||
|
@ -48,7 +48,7 @@ apply() {
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
add_end_of_file "$CONF_FILE" "$CONF_LINE"
|
||||
else
|
||||
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||
info "Parameter $CONF_LINE is present but with the wrong value -- Fixing"
|
||||
replace_in_file "$CONF_FILE" "^$(echo "$CONF_LINE" | cut -d ' ' -f1)[[:space:]]*.*" "$CONF_LINE"
|
||||
fi
|
||||
fi
|
||||
@ -63,14 +63,13 @@ check_config() {
|
||||
# We need to call this in the subs called by main.sh when it is sourced, otherwise it would
|
||||
# either be too soon (DEB_MAJ_VER not defined) or too late (test has already been run)
|
||||
_set_vars_jit() {
|
||||
if [ "$DEB_MAJ_VER" -ge "11" ]; then
|
||||
if [ "$DEB_MAJ_VER" = "sid" ] || [ "$DEB_MAJ_VER" -ge "11" ]; then
|
||||
CONF_LINE_REGEX="ENCRYPT_METHOD (SHA512|yescrypt|YESCRYPT)"
|
||||
CONF_LINE="ENCRYPT_METHOD YESCRYPT"
|
||||
else
|
||||
CONF_LINE_REGEX="ENCRYPT_METHOD SHA512"
|
||||
CONF_LINE="ENCRYPT_METHOD SHA512"
|
||||
fi
|
||||
unset -f _set_vars_jit
|
||||
}
|
||||
|
||||
# Source Root Dir Parameter
|
||||
|
Reference in New Issue
Block a user