99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112)

2025-06-21 18:23:42 +02:00 · 2021-08-10 10:30:35 +02:00
parent 01c3d1b98c
commit afed5a9dce
3 changed files with 9 additions and 2 deletions
--- a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh
+++ b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh
@ -49,7 +49,6 @@ apply() {
            info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
            replace_in_file "$CONF_FILE" "^$(echo "$CONF_LINE" | cut -d ' ' -f1)[[:space:]]*.*" "$CONF_LINE"
        fi
-        /etc/init.d/ssh reload >/dev/null 2>&1
    fi
 }

--- a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh
+++ b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh
@ -37,7 +37,7 @@ audit() {
            pw_found+="$user "
            ok "User $user has a disabled password."
        # Check password against $6$<salt>$<encrypted>, see `man 3 crypt`
-        elif [[ $passwd =~ ^\$6\$[a-zA-Z0-9./]{2,16}\$[a-zA-Z0-9./]{86}$ ]]; then
+        elif [[ $passwd =~ ^\$6(\$rounds=[0-9]+)?\$[a-zA-Z0-9./]{2,16}\$[a-zA-Z0-9./]{86}$ ]]; then
            pw_found+="$user "
            ok "User $user has suitable SHA512 hashed password."
        else