2021-11-08 21:58:57
This commit is contained in:
gbaconni
@@ -6,7 +6,7 @@
|
||||
# By: gbaconni@student.42lausanne.ch +#+ +:+ +#+ #
|
||||
# +#+#+#+#+#+ +#+ #
|
||||
# Created: 2021/11/04 10:58:16 by gbaconni #+# #+# #
|
||||
# Updated: 2021/11/08 09:42:55 by gbaconni ### ########.fr #
|
||||
# Updated: 2021/11/08 21:58:48 by gbaconni ### lausanne.ch #
|
||||
# #
|
||||
# **************************************************************************** #
|
||||
|
||||
@@ -54,8 +54,9 @@ ft_policy ()
|
||||
{
|
||||
user=${1-marvin}
|
||||
sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs
|
||||
sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf
|
||||
sed -i'.orig' -r 's/^[# ]*(minlen =).*/\1 10/; s/^[# ]*([ud]credit =).*/\1 -1/; s/^[# ]*(maxrepeat =).*/\1 3/; s/^[# ]*(usercheck =).*/\1 1/; s/^[# ]*(enforcing =).*/\1 1/; s/^[# ]*(difok =).*/\1 7/; s/^[# ]*(enforce_for_root)/\1/; s/^[# ]*(local_users_only)/\1/;' /etc/security/pwquality.conf
|
||||
chage -M 30 -m 2 -W 7 ${user}
|
||||
chage -M 30 -m 2 -W 7 root
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
38
test.sh
38
test.sh
@@ -50,6 +50,26 @@ main ()
|
||||
|
||||
ssh_clean
|
||||
|
||||
if ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Maximum number of days between password change.*\: 30' \
|
||||
&& ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Minimum number of days between password change.*\: 2' \
|
||||
&& ssh_exec ${port} ${login} ${pass} chage -l root | grep -q -i -E '^Number of days of warning before password expires.*\: 7'
|
||||
then
|
||||
echo "OK: Password expiration for root is correct"
|
||||
else
|
||||
echo "KO: Password expiration for root is wrong"
|
||||
fi
|
||||
|
||||
return 0
|
||||
|
||||
if ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \
|
||||
&& ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \
|
||||
&& ssh_exec ${port} ${login} ${pass} cat /etc/security/pwquality.conf | grep -q -i -E '^PASS_WARN_AGE.*\t7'
|
||||
then
|
||||
echo "OK: Expiration policy via pwquality is correct"
|
||||
else
|
||||
echo "KO: Expiration policy via pwquality is wrong"
|
||||
fi
|
||||
|
||||
if ssh_exec ${port} ${login} ${pass} hostname -s | grep -q "^${login}42"
|
||||
then
|
||||
echo "OK: Hostname is ${login}42"
|
||||
@@ -123,6 +143,24 @@ main ()
|
||||
echo "KO: ${login} is not member of both user42 and sudo groups"
|
||||
fi
|
||||
|
||||
if ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Maximum number of days between password change.*\: 30' \
|
||||
&& ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Minimum number of days between password change.*\: 2' \
|
||||
&& ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Number of days of warning before password expires.*\: 7'
|
||||
then
|
||||
echo "OK: Password expiration for ${login} is correct"
|
||||
else
|
||||
echo "KO: Password expiration for ${login} is wrong"
|
||||
fi
|
||||
|
||||
if ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \
|
||||
&& ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \
|
||||
&& ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_WARN_AGE.*\t7'
|
||||
then
|
||||
echo "OK: Password expiration policy is correct"
|
||||
else
|
||||
echo "KO: Password expiration policy is wrong"
|
||||
fi
|
||||
|
||||
if ssh_exec ${port} ${login} ${pass} ss -tunlpe | grep -q -E "LISTEN.*:4242.*ssh"
|
||||
then
|
||||
echo "OK: ssh running on 4242"
|
||||
|
||||
Reference in New Issue
Block a user