Fix race condition on /etc/passwd, /etc/shadow and /etc/group

Thibault Ayanides
2020-11-16 14:09:12 +01:00
parent 501ce8c651
commit fbd26ceefa
14 changed files with 21 additions and 17 deletions


@ -14,12 +14,11 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=1
DESCRIPTION="Ensure password fields are not empty in /etc/shadow."
FILE='/etc/shadow'
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if accounts have an empty password"
RESULT=$($SUDO_CMD cat $FILE | awk -F: '($2 == "" ) { print $1 }')
RESULT=$(get_db shadow | awk -F: '($2 == "" ) { print $1 }')
if [ ! -z "$RESULT" ]; then
crit "Some accounts have an empty password"
crit $RESULT
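Review bot: The new `RESULT=$(get_db shadow | awk ...)` line in audit() can fail open, because the pipeline's status is awk's and an empty `RESULT` is read as "no account has an empty password". The old line read the file through `$SUDO_CMD`; `get_db` is defined outside this page, so it is not visible whether it still elevates for the shadow database. If it does not, or if the lookup fails, an unprivileged audit run would pass without having inspected any entry. Capturing the lookup separately would close this, e.g. `DB=$(get_db shadow) || crit "Unable to read the shadow database"`, followed by running awk on `"$DB"`. The same unchecked pipeline appears in the apply() hunk below, and audit() continues past the end of this hunk.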
@ -30,7 +29,7 @@ audit () {
# This function will be called if the script status is on enabled mode
apply () {
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
RESULT=$(get_db shadow | awk -F: '($2 == "" ) { print $1 }')
if [ ! -z "$RESULT" ]; then
warn "Some accounts have an empty password"
for ACCOUNT in $RESULT; do