# shellcheck shell=bash # run-shellcheck test_audit() { describe Running on blank host register_test retvalshouldbe 0 register_test contain "There is no password in /etc/shadow" dismiss_count_for_test # shellcheck disable=2154 run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /etc/shadow /tmp/shadow.bak sed -i 's/secaudit:!/secaudit:mypassword/' /etc/shadow describe Fail: Found unsecure password register_test retvalshouldbe 1 register_test contain "User secaudit has a password that is not SHA512 hashed" run unsecpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all sed -i 's/secaudit:mypassword/secaudit:!!/' /etc/shadow describe Fail: Found disabled password register_test retvalshouldbe 0 register_test contain "User secaudit has a disabled password" run lockedpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/shadow.bak /etc/shadow chpasswd -c SHA512 <