mirror of
https://github.com/ovh/debian-cis.git
synced 2025-08-31 20:04:07 +02:00
37b4f5982e
- sudo_re_authenticate.sh -> 5.2.5 - pam_pwhistory_enabled.sh -> 5.3.2.4 - pam_faillock_enabled.sh -> 5.3.2.2 This is an updated version of enable_lockout_failed_password.sh (renamed) - pam_unix_enabled.sh -> 5.3.2.1 - password_failed_lockout.sh -> 5.3.3.1.1 - password_unlock_time.sh -> 5.3.3.1.2 - password_root_unlock.sh -> 5.3.3.1.3
31 lines
816 B
Bash
31 lines
816 B
Bash
# shellcheck shell=bash
|
|
# run-shellcheck
|
|
test_audit() {
|
|
|
|
local PAM_FILES=""
|
|
PAM_FILES="/etc/pam.d/common-password"
|
|
|
|
# install dependencies
|
|
apt-get update
|
|
apt-get install -y libpam-pwquality
|
|
|
|
# prepare to fail
|
|
describe Prepare on purpose failed test
|
|
# shellcheck disable=2086
|
|
sed -i '/pam_unix.so/s/^/#/g' $PAM_FILES
|
|
|
|
describe Running on purpose failed test
|
|
register_test retvalshouldbe 1
|
|
# shellcheck disable=2154
|
|
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
|
|
|
describe correcting situation
|
|
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
|
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
|
|
|
describe Checking resolved state
|
|
register_test retvalshouldbe 0
|
|
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
|
|
|
}
|