mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-22 22:15:24 +01:00
99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112)
This commit is contained in:
parent
01c3d1b98c
commit
afed5a9dce
@ -49,7 +49,6 @@ apply() {
|
||||
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||
replace_in_file "$CONF_FILE" "^$(echo "$CONF_LINE" | cut -d ' ' -f1)[[:space:]]*.*" "$CONF_LINE"
|
||||
fi
|
||||
/etc/init.d/ssh reload >/dev/null 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -37,7 +37,7 @@ audit() {
|
||||
pw_found+="$user "
|
||||
ok "User $user has a disabled password."
|
||||
# Check password against $6$<salt>$<encrypted>, see `man 3 crypt`
|
||||
elif [[ $passwd =~ ^\$6\$[a-zA-Z0-9./]{2,16}\$[a-zA-Z0-9./]{86}$ ]]; then
|
||||
elif [[ $passwd =~ ^\$6(\$rounds=[0-9]+)?\$[a-zA-Z0-9./]{2,16}\$[a-zA-Z0-9./]{86}$ ]]; then
|
||||
pw_found+="$user "
|
||||
ok "User $user has suitable SHA512 hashed password."
|
||||
else
|
||||
|
@ -29,4 +29,12 @@ EOF
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "User secaudit has suitable SHA512 hashed password"
|
||||
run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
chpasswd -c SHA512 -s 1000 <<EOF
|
||||
secaudit:mypassword
|
||||
EOF
|
||||
describe Pass: Found properly hashed password with custom round number
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "User secaudit has suitable SHA512 hashed password"
|
||||
run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user