From 9aac4c3504e083c3663917f1c174e655e2e08e8a Mon Sep 17 00:00:00 2001
From: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
Date: Thu, 29 Oct 2020 16:47:34 +0100
Subject: [PATCH] IMP(5.3.4): improve check

---
 bin/hardening/5.3.4_acc_pam_sha512.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/bin/hardening/5.3.4_acc_pam_sha512.sh b/bin/hardening/5.3.4_acc_pam_sha512.sh
index 03f4f7d..17c0051 100755
--- a/bin/hardening/5.3.4_acc_pam_sha512.sh
+++ b/bin/hardening/5.3.4_acc_pam_sha512.sh
@@ -34,9 +34,20 @@ audit () {
 
 # This function will be called if the script status is on enabled mode
 apply () {
-    :
+    if $SUDO_CMD [ ! -r $CONF_FILE ]; then
+        crit "$CONF_FILE is not readable"
+    else
+        does_pattern_exist_in_file $CONF_FILE "$(sed 's/ /[[:space:]]+/g' <<< "$CONF_LINE")"
+        if [ "$FNRET" = 0 ]; then
+            ok "$CONF_LINE is present in $CONF_FILE"
+        else
+            warn "$CONF_LINE is not present in $CONF_FILE"
+            add_line_file_before_pattern $CONF_FILE "password [success=1 default=ignore] pam_unix.so sha512" "# pam-auth-update(8) for details."
+        fi
+    fi
 }
 
+
 # This function will check config parameters required
 check_config() {
     :