99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112)

2025-06-24 11:34:35 +02:00 · 2021-08-10 10:30:35 +02:00
parent 01c3d1b98c
commit afed5a9dce
3 changed files with 9 additions and 2 deletions
--- a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh
+++ b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh
@ -37,7 +37,7 @@ audit() {
            pw_found+="$user "
            ok "User $user has a disabled password."
        # Check password against $6$<salt>$<encrypted>, see `man 3 crypt`
-        elif [[ $passwd =~ ^\$6\$[a-zA-Z0-9./]{2,16}\$[a-zA-Z0-9./]{86}$ ]]; then
+        elif [[ $passwd =~ ^\$6(\$rounds=[0-9]+)?\$[a-zA-Z0-9./]{2,16}\$[a-zA-Z0-9./]{86}$ ]]; then
            pw_found+="$user "
            ok "User $user has suitable SHA512 hashed password."
        else