diff --git a/bootstrap.sh b/bootstrap.sh index 7e5e59e..1953338 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -6,7 +6,7 @@ # By: gbaconni@student.42lausanne.ch +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2021/11/04 10:58:16 by gbaconni #+# #+# # -# Updated: 2021/11/08 09:42:55 by gbaconni ### ########.fr # +# Updated: 2021/11/08 21:58:48 by gbaconni ### lausanne.ch # # # # **************************************************************************** # @@ -54,8 +54,9 @@ ft_policy () { user=${1-marvin} sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs - sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf + sed -i'.orig' -r 's/^[# ]*(minlen =).*/\1 10/; s/^[# ]*([ud]credit =).*/\1 -1/; s/^[# ]*(maxrepeat =).*/\1 3/; s/^[# ]*(usercheck =).*/\1 1/; s/^[# ]*(enforcing =).*/\1 1/; s/^[# ]*(difok =).*/\1 7/; s/^[# ]*(enforce_for_root)/\1/; s/^[# ]*(local_users_only)/\1/;' /etc/security/pwquality.conf chage -M 30 -m 2 -W 7 ${user} + chage -M 30 -m 2 -W 7 root return 0 } diff --git a/test.sh b/test.sh index 1b5e1df..673f772 100755 --- a/test.sh +++ b/test.sh 
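Review bot: The new pwquality.conf substitutions in ft_policy only rewrite lines that already exist, so on a system whose file has no `enforcing`, `enforce_for_root` or `local_users_only` line (commented or not) nothing is set, and the trailing `return 0` reports success anyway. A check after the sed, such as `grep -q '^enforce_for_root' /etc/security/pwquality.conf || echo enforce_for_root >> /etc/security/pwquality.conf`, makes the result independent of the shipped template. The exit status of both `chage` calls is also discarded and `${user}` is unquoted; `chage -M 30 -m 2 -W 7 "${user}" || return 1` would surface a failure. Because `sed -i'.orig'` runs on every invocation, a second run overwrites the `.orig` backup with the already-modified file.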
@@ -50,6 +50,26 @@ main () ssh_clean + if ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Maximum number of days between password change.*\: 30' \ + && ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Minimum number of days between password change.*\: 2' \ + && ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Number of days of warning before password expires.*\: 7' + then + echo "OK: Password expiration for root is correct" + else + echo "KO: Password expiration for root is wrong" + fi + + return 0 + + if ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \ + && ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \ + && ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_WARN_AGE.*\t7' + then + echo "OK: Expiration policy via pwquality is correct" + else + echo "KO: Expiration policy via pwquality is wrong" + fi + if ssh_exec ${port} ${login} ${pass} hostname -s | grep -q "^${login}42" then echo "OK: Hostname is ${login}42" 
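Review bot: The bare `return 0` added between the two new checks ends main at that point, so the pwquality check and every existing check below it (hostname, groups, ssh port) never run; it looks like a debugging leftover and should be dropped. The pwquality block then greps /etc/security/pwquality.conf for `PASS_MAX_DAYS`, `PASS_MIN_DAYS` and `PASS_WARN_AGE`, which bootstrap.sh writes to /etc/login.defs; the keys it sets in pwquality.conf are `minlen`, `ucredit`/`dcredit`, `maxrepeat`, `usercheck`, `enforcing`, `difok` and `enforce_for_root`, so the test should look for those, e.g. `grep -q -E '^minlen = 10$'` and `grep -q '^enforce_for_root'`. `chage -l root` normally needs root privileges, so unless ssh_exec (not visible here) elevates, the root check will report KO even when the policy is applied. main's body starts and ends outside this hunk.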
@@ -123,6 +143,24 @@ main () echo "KO: ${login} is not member of both user42 and sudo groups" fi + if ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Maximum number of days between password change.*\: 30' \ + && ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Minimum number of days between password change.*\: 2' \ + && ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Number of days of warning before password expires.*\: 7' + then + echo "OK: Password expiration for ${login} is correct" + else + echo "KO: Password expiration for ${login} is wrong" + fi + + if ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \ + && ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \ + && ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_WARN_AGE.*\t7' + then + echo "OK: Password expiration policy is correct" + else + echo "KO: Password expiration policy is wrong" + fi + if ssh_exec ${port} ${login} ${pass} ss -tunlpe | grep -q -E "LISTEN.*:4242.*ssh" then echo "OK: ssh running on 4242"
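Review bot: The value patterns in both new checks do not pin the value they claim to test: `.*\: 30` has no end anchor, so a 300-day maximum also prints OK, and in GNU grep `\t` is not a tab escape, so `'^PASS_MAX_DAYS.*\t30'` does not match the tab-separated line that bootstrap.sh writes. Something like `grep -q -E ': 30$'` for the chage output and `grep -q -E '^PASS_MAX_DAYS[[:space:]]+30$'` for login.defs checks the exact setting. The root and pwquality checks in the previous hunk use the same patterns. `${port}`, `${login}` and `${pass}` are expanded unquoted, so a password containing whitespace or glob characters would be split before it reaches ssh_exec. main's body starts and ends outside this hunk.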