2021-11-08 21:58:57

2021-11-08 21:58:57 +01:00
parent 01804556b4
commit d4ce70bb3d
2 changed files with 41 additions and 2 deletions
--- a/test.sh
+++ b/test.sh
@@ -50,6 +50,26 @@ main ()

 	ssh_clean

+	if ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Maximum number of days between password change.*\: 30' \
+		&& ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Minimum number of days between password change.*\: 2' \
+		&& ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Number of days of warning before password expires.*\: 7'
+	then
+		echo "OK: Password expiration for root is correct"
+	else
+		echo "KO: Password expiration for root is wrong"
+	fi
+
+	return 0
+
+	if ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \
+		&& ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \
+		&& ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_WARN_AGE.*\t7'
+	then
+		echo "OK: Expiration policy via pwquality is correct"
+	else
+		echo "KO: Expiration policy via pwquality is wrong"
+	fi
+
 	if ssh_exec ${port} ${login} ${pass} hostname -s | grep -q "^${login}42"
 	then
 		echo "OK: Hostname is ${login}42"
@@ -123,6 +143,24 @@ main ()
 		echo "KO: ${login} is not member of both user42 and sudo groups"
 	fi

+	if ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Maximum number of days between password change.*\: 30' \
+		&& ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Minimum number of days between password change.*\: 2' \
+		&& ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Number of days of warning before password expires.*\: 7'
+	then
+		echo "OK: Password expiration for ${login} is correct"
+	else
+		echo "KO: Password expiration for ${login} is wrong"
+	fi
+
+	if ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \
+		&& ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \
+		&& ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_WARN_AGE.*\t7'
+	then
+		echo "OK: Password expiration policy is correct"
+	else
+		echo "KO: Password expiration policy is wrong"
+	fi
+
 	if ssh_exec ${port} ${login} ${pass} ss -tunlpe | grep -q -E "LISTEN.*:4242.*ssh"
 	then
 		echo "OK: ssh running on 4242"