elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-07-15 13:22:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5ee187c7cab19854c29597a5e719c8abcd6c7673
debian-cis/tests/hardening/acc_pam_sha512.sh
Damien Cavagnini 5ee187c7ca chore: drop debian 10 and below support 
Currently, the only LTS Debian are 11 and 12
We only support CIS for LTS debian
2025-07-04 14:10:46 +02:00

27 lines
1005 B
Bash
Raw Blame History

# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
register_test contain "is present in /etc/pam.d/common-password"
# shellcheck disable=2154
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe Tests purposely failing
sed -i '/pam_unix.so/ s/sha512/sha256/' "/etc/pam.d/common-password" # Debian 10
sed -i '/pam_unix.so/ s/yescrypt/sha256/' "/etc/pam.d/common-password" # Debian 11+
register_test retvalshouldbe 1
register_test contain "is not present"
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "is present in /etc/pam.d/common-password"
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}
Reference in New Issue View Git Blame Copy Permalink