elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-03-14 15:45:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
debian-cis/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh
Thibault Ayanides 9cbc3f85a9 Renum 99.x files to comply with debian10 CIS
2020-12-22 16:36:35 +01:00

39 lines
1.5 KiB
Bash
Raw Blame History

# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
register_test contain "ENCRYPT_METHOD SHA512 is present in /etc/login.defs"
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
cp /etc/login.defs /tmp/login.defs.bak
describe Line as comment
sed -i 's/\(ENCRYPT_METHOD SHA512\)/# \1/' /etc/login.defs
register_test retvalshouldbe 1
register_test contain "SHA512 is not present"
run commented /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
rm /etc/login.defs
describe Fail: missing conf file
register_test retvalshouldbe 1
register_test contain "/etc/login.defs is not readable"
run missconffile /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
cp /tmp/login.defs.bak /etc/login.defs
sed -ir 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs
describe Fail: wrong hash function configuration
register_test retvalshouldbe 1
register_test contain "SHA512 is not present"
run wrongconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Correcting situation
sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh || true
describe Checking resolved state
mv /tmp/login.defs.bak /etc/login.defs
register_test retvalshouldbe 0
run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
}
Reference in New Issue View Git Blame Copy Permalink