IMP(99.3.1): improve check with disabled passwords

2025-06-22 02:33:42 +02:00 · 2019-08-28 11:49:01 +02:00
parent 96f3b74334
commit a4969e6ba6
2 changed files with 9 additions and 0 deletions
--- a/tests/hardening/99.3.1_acc_shadow_sha512.sh
+++ b/tests/hardening/99.3.1_acc_shadow_sha512.sh
@ -13,6 +13,12 @@ test_audit() {
    register_test contain "User secaudit has a password that is not SHA512 hashed"
    run unsecpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

+    sed -i 's/secaudit:mypassword/secaudit:!!/' /etc/shadow
+    describe Fail: Found disabled password
+    register_test retvalshouldbe 0
+    register_test contain "User secaudit has a disabled password"
+    run lockedpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
    mv /tmp/shadow.bak /etc/shadow
    chpasswd << EOF
 secaudit:mypassword