mirror of
https://github.com/ovh/debian-cis.git
synced 2025-08-31 11:54:07 +02:00
3bbc6c435a
- password_number_changed_chars.sh -> 5.3.3.2.1 - password_dictcheck_enabled.sh -> 5.3.3.2.6 - password_quality_enforced.sh -> 5.3.3.2.7 - password_quality_enforced_for_root.sh -> 5.3.3.2.8
29 lines
887 B
Bash
29 lines
887 B
Bash
# shellcheck shell=bash
|
|
# run-shellcheck
|
|
test_audit() {
|
|
|
|
# prepare to fail
|
|
describe Prepare on purpose failed test
|
|
apt-get install -y libpam-pwquality
|
|
sed -E -i '/^[[:space:]]?dictcheck/d' /etc/security/pwquality.conf
|
|
echo "pam_pwquality.so dictcheck=0" >/usr/share/pam-configs/test_cis.conf
|
|
|
|
describe Running on purpose failed test
|
|
register_test retvalshouldbe 1
|
|
# shellcheck disable=2154
|
|
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
|
|
|
describe correcting situation
|
|
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
|
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
|
|
|
describe Checking resolved state
|
|
register_test retvalshouldbe 0
|
|
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
|
|
|
describe clean test
|
|
rm -f /usr/share/pam-configs/test_cis.conf
|
|
apt-get remove -y libpam-pwquality
|
|
|
|
}
|