Beispiel #1
# Name of the second test account, taken from the harness parameters.
secondUser = test.params['secondUserName']

# file1 is the PAM stack edited below; file2 holds the pam_pwquality policy.
file1 = '/etc/pam.d/system-auth-ac'
file2 = '/etc/security/pwquality.conf'

try:
    # info--------------------------------------------------------------------------------------------------------------
    test.showInfoBlock()

    # set up------------------------------------------------------------------------------------------------------------
    test.showSetUpBlock()

    # createCopyFile is a harness helper; presumably it keeps a backup so the
    # PAM file can be restored after the test -- confirm against the harness.
    test.createCopyFile(file1)
    # Replace the 'password sufficient' row so pam_unix hashes with sha512 and
    # keeps a password history (remember=5 blocks reuse of the last five).
    # NOTE(review): 'nullok' still accepts accounts with an empty password;
    # confirm that is intended in a password-policy test.
    # NOTE(review): start=True presumably matches rows that begin with oldRow;
    # any other 'password    sufficient' row (e.g. a second module) would be
    # rewritten too -- verify against tm.changeRowFile.
    tm.changeRowFile(
        path=file1,
        oldRow='password    sufficient',
        newRow=
        'password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5',
        start=True)
    test.showActionMsg('change data to file %s' % file1)

    test.createCopyFile(file2)

    # pwquality policy: a negative *credit value is a minimum count for that
    # character class, so the rows below require at least 2 digits,
    # 3 upper-case, 2 lower-case and 1 other character, with a minimum
    # length of 9.
    tm.changeRowFile(path=file2, oldRow='minlen =', newRow='minlen = 9')
    tm.changeRowFile(path=file2, oldRow='dcredit =', newRow='dcredit = -2')
    tm.changeRowFile(path=file2, oldRow='ucredit =', newRow='ucredit = -3')
    tm.changeRowFile(path=file2, oldRow='lcredit =', newRow='lcredit = -2')
    tm.changeRowFile(path=file2, oldRow='ocredit =', newRow='ocredit = -1')
    test.showActionMsg('change data to file %s' % file2)

    # NOTE(review): system-auth-ac is generated by authconfig; check that the
    # hand-edited pam_unix row above is still present after this command,
    # otherwise the history setting is silently lost.
    test.runCmdFromRoot(cmd='authconfig --update', code=0)
Beispiel #2

    # Excerpt from inside a larger block: file1 and file2 are defined outside
    # this listing. The rows edited below are auditd.conf settings.
    # set up------------------------------------------------------------------------------------------------------------
    test.showSetUpBlock()
    test.createCopyFile(file1)



    # testing-----------------------------------------------------------------------------------------------------------
    test.showTestingBlock()

    # Free space on /home available to unprivileged users, in MiB, plus 1000:
    # the threshold is set above what is currently free so the low-space
    # action fires as soon as auditd re-reads its configuration.
    # NOTE(review): auditd measures the partition that holds its log file; if
    # that is not the /home filesystem this value may not cross the threshold.
    # NOTE(review): under Python 3 '/' yields a float, so the row would read
    # e.g. 'space_left = 1234.5' -- confirm auditd accepts the written value.
    st = os.statvfs("/home")
    du = st.f_bsize * st.f_bavail / 1024 / 1024
    du = du + 1000

    # On low space, e-mail the account named in action_mail_acct (root).
    tm.changeRowFile(path=file1, oldRow='space_left =', newRow='space_left = %s' % str(du), start=True)
    tm.changeRowFile(path=file1, oldRow='space_left_action =', newRow='space_left_action = EMAIL', start=True)
    tm.changeRowFile(path=file1, oldRow='action_mail_acct =',
                     newRow='action_mail_acct = root', start=True)
    test.showActionMsg('change data to file %s' % file1)

    # Restart so the new thresholds take effect; the fixed 3-second pause is a
    # best-effort wait for auditd to act, not a synchronisation point.
    test.runCmdFromRoot(cmd='service auditd restart', code=0)
    time.sleep(3)

    # Read file2 into memory for the check that follows this excerpt.
    # The file is only read here although it is opened in "r+" mode, which
    # also requires write permission on it.
    f = open(file2, "r+")
    rows = f.readlines()
    f.close()

    today = datetime.today()

    # Result flag; it is set by code outside this excerpt.
    status = False
Beispiel #3
# Set-up for a pam_usb (USB-token authentication) test. file1 and file2 are
# defined outside this excerpt; the rows edited are PAM 'auth' stacks.
try:
    # info--------------------------------------------------------------------------------------------------------------
    test.showInfoBlock()

    # set up------------------------------------------------------------------------------------------------------------
    test.showSetUpBlock()

    test.installPack('pam_usb')

    # Copies are taken before editing (presumably so the PAM files can be
    # restored afterwards -- confirm against the harness).
    test.createCopyFile(file1)
    test.createCopyFile(file2)

    # Insert pam_usb.so as a 'required' module ahead of pam_env.so. With
    # 'required' the token is needed in addition to the rest of the stack, so
    # every service that includes this file fails authentication when the
    # registered device is absent.
    # NOTE(review): keep a root session open, or another way to restore the
    # copies, while these rows are in place.
    tm.changeRowFile(
        path=file1,
        oldRow='auth        required      pam_env.so',
        newRow=
        'auth        required      pam_usb.so\nauth        required      pam_env.so',
        start=True)

    # Same edit for the second PAM file.
    tm.changeRowFile(
        path=file2,
        oldRow='auth        required      pam_env.so',
        newRow=
        'auth        required      pam_usb.so\nauth        required      pam_env.so',
        start=True)

    # testing-----------------------------------------------------------------------------------------------------------
    test.showTestingBlock()

    # Register the attached device under the name 'Auth-Stick'; piping 'y'
    # answers the tool's confirmation prompt non-interactively, so whatever
    # device it selects is accepted without an operator check.
    test.runCmdFromRoot(cmd="echo 'y' | pamusb-conf --add-device 'Auth-Stick'",
                        code=0)
Beispiel #4

    # Excerpt from inside a larger block: dir1, dir2, file1, file2 and file3
    # are defined outside this listing.
    # Baseline: create a directory and a file as the first test user and
    # record the permissions they receive under the current umask.
    test.runCmdFirstUser(cmd="mkdir %s" % dir1, code=0)
    test.runCmdFirstUser(cmd="touch %s" % file1, code=0)

    out2 = test.runCmdFirstUser(cmd="ls -ld %s" % dir1, code=0)['output'].split('\n')[0]
    out3 = test.runCmdFirstUser(cmd="ls -l %s" % file1, code=0)['output'].split('\n')[0]
    # Expected modes correspond to umask 002 (0775 directory, 0664 file).
    # The trailing '.' is what ls prints for an entry that has an SELinux
    # context and no other alternate access method, so the check also reports
    # a mismatch when an ACL is present ('+') or SELinux labelling is off.
    if out2.find('drwxrwxr-x.') == -1:
        test.addResult(msg=u'Несоответствие прав доступа к %s' % dir1, wait='drwxrwxr-x.', taken=out2)

    if out3.find('-rw-rw-r--.') == -1:
        test.addResult(msg=u'Несоответствие прав доступа к %s' % file1, wait='-rw-rw-r--.', taken=out3)



    # Tighten the default: replace 'umask 002' with 'umask 077' in file3.
    # NOTE(review): the new row carries four leading spaces, presumably to
    # match the indentation of the line it replaces -- confirm in file3.
    tm.changeRowFile(path=file3, oldRow='umask 002', newRow='    umask 077')
    test.showActionMsg('change file %s' % file3)


    # The first user's shell must now report a umask that strips all group
    # and other permissions.
    out4 = test.runCmdFirstUser(cmd="umask -S", code=0)['output'].split('\n')[0]
    if out4 != 'u=rwx,g=,o=':
        test.addResult(msg=u'Несоответствие атрибутов по умолчанию', wait='u=rwx,g=,o=', taken=out4)


    # Repeat the creation test; new objects must be owner-only.
    test.runCmdFirstUser(cmd="mkdir %s" % dir2, code=0)
    test.runCmdFirstUser(cmd="touch %s" % file2, code=0)

    out2 = test.runCmdFirstUser(cmd="ls -ld %s" % dir2, code=0)['output'].split('\n')[0]
    out3 = test.runCmdFirstUser(cmd="ls -l %s" % file2, code=0)['output'].split('\n')[0]
    # 0700 is the directory mode expected under umask 077.
    if out2.find('drwx------.') == -1:
        test.addResult(msg=u'Несоответствие прав доступа к %s' % dir2, wait='drwx------.', taken=out2)
Beispiel #5
                                   code=code)

        if search != None:
            if not search in res['error']:
                test.addResult(msg=u'Ошибка при проверке аутентификации',
                               wait=search,
                               taken=res['error'])

    # Baseline before lockout is configured: two attempts expected to fail
    # (code=1) followed by one expected to succeed (code=0). The password
    # literals appear masked in this listing. checkAuth and file1 are defined
    # outside this excerpt.
    checkAuth(pas='******', code=1)
    checkAuth(pas='******', code=1)
    checkAuth(pas='******', code=0)

    # Add pam_faillock to the PAM stack in file1 in three places.
    test.createCopyFile(file1)
    # 1) 'preauth' row right after pam_env.so, i.e. ahead of the module that
    #    checks the password, so an already-locked account is refused first.
    #    deny=2 locks after two consecutive failures; unlock_time=300 lifts
    #    the lock after 300 seconds.
    tm.changeRowFile(
        path=file1,
        oldRow='auth        required      pam_env.so',
        newRow=
        'auth        required      pam_env.so\nauth        required      pam_faillock.so preauth silent audit deny=2 unlock_time=300',
        start=True)
    # 2) 'authfail' row right after pam_unix.so: it is reached only when the
    #    'sufficient' pam_unix row did not succeed, records the failure, and
    #    [default=die] ends the stack there. deny/unlock_time must match the
    #    preauth row, as they do here.
    # NOTE(review): oldRow must match the existing pam_unix row exactly
    # (including 'nullok try_first_pass'); if it does not, this edit may
    # leave the file unchanged and failures would not be counted -- verify
    # how tm.changeRowFile reports a missing match.
    tm.changeRowFile(
        path=file1,
        oldRow='auth        sufficient    pam_unix.so nullok try_first_pass',
        newRow='auth        sufficient    pam_unix.so nullok try_first_pass\n'
        'auth        [default=die] pam_faillock.so authfail audit deny=2 unlock_time=300',
        start=True)
    # 3) account-phase row after pam_permit.so.
    # NOTE(review): no 'even_deny_root' is set, so root is not subject to the
    # lockout with these rows -- confirm that matches the requirement tested.
    tm.changeRowFile(
        path=file1,
        oldRow='account     required      pam_permit.so',
        newRow=
        'account     required      pam_permit.so\naccount     required      pam_faillock.so',
        start=True)
Beispiel #6
    # Excerpt from inside a larger block: analysis, time1, time2, file1-file3
    # and firstUser are defined outside this listing.
    test.sshDisconnect()

    analysis(data1=time1, data2=time2)


    # ------------------------------------------------------------------------------------------------------------------
    tm.showMsg(u'Пункт в')

    # Append a rule in pam_time's time.conf format (services ; ttys ; users ;
    # times): for the login and gdm-password services, all ttys and all
    # users, '!Wd0000-2400' matches any time that is NOT on a weekend day,
    # so access is granted on weekdays only.
    # NOTE(review): the users field is '*', so root is covered as well; '>>'
    # appends unconditionally, so the rule is duplicated on every run unless
    # the copy taken above is restored afterwards.
    test.createCopyFile(file1)
    test.runCmdFromRoot(cmd="echo 'login | gdm-password ; * ; * ; !Wd0000-2400' >> %s" % file1, code=0)

    test.createCopyFile(file2)
    test.createCopyFile(file3)

    # Enable the rule: put pam_time.so ahead of pam_unix.so in the 'account'
    # phase of both PAM files.
    tm.changeRowFile(path=file2, oldRow='account     required      pam_unix.so',
                     newRow='account     required      pam_time.so\naccount     required      pam_unix.so',
                     start=True)

    tm.changeRowFile(path=file3, oldRow='account     required      pam_unix.so',
                     newRow='account     required      pam_time.so\naccount     required      pam_unix.so',
                     start=True)


    # Remember today's date (presumably to restore the clock after the test).
    currentNow = datetime.strftime(datetime.now(), "%Y-%m-%d")

    # Move the system date to 2018-09-26, a Wednesday, i.e. inside the
    # permitted weekday window.
    # NOTE(review): changing the clock also shifts audit/log timestamps and
    # can be undone by a running time-sync service; use a disposable host.
    test.runCmdFromRoot(cmd='date +%Y%m%d -s "20180926"', code=0)


    time.sleep(2)
    # Both users must still be able to switch to each other (exit code 0).
    # NOTE(review): the password is a hard-coded test credential interpolated
    # into a shell string together with the user names; keep it to throwaway
    # accounts and check whether the harness logs the full command line.
    test.runCmdFirstUser(cmd="echo 'qqqwww' | su %s" % secondUser, code=0)
    test.runCmdSecondUser(cmd="echo 'qqqwww' | su %s" % firstUser, code=0)