secondUser = test.params['secondUserName']
# PAM password stack and the pwquality policy file that this test rewrites.
file1 = '/etc/pam.d/system-auth-ac'
file2 = '/etc/security/pwquality.conf'
try:
    # NOTE: the except/finally belonging to this try lies outside the visible excerpt.
    # info -----------------------------------------------------------------
    test.showInfoBlock()
    # set up ---------------------------------------------------------------
    test.showSetUpBlock()
    # presumably saves a copy of the file so it can be restored later; helper not shown
    test.createCopyFile(file1)
    # Password-history policy: remember=5 makes pam_unix refuse reuse of the
    # last five passwords; sha512 selects the hash used for new passwords.
    # NOTE(review): the row keeps nullok, which tolerates blank passwords;
    # confirm that is intended for the policy under test.
    tm.changeRowFile(
        path=file1,
        oldRow='password sufficient',
        newRow='password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5',
        start=True)
    test.showActionMsg('change data to file %s' % file1)
    test.createCopyFile(file2)
    # pwquality complexity rules. A negative *credit value is a minimum count
    # of characters of that class, not a length bonus.
    tm.changeRowFile(path=file2, oldRow='minlen =', newRow='minlen = 9')  # at least 9 characters
    tm.changeRowFile(path=file2, oldRow='dcredit =', newRow='dcredit = -2')  # at least 2 digits
    tm.changeRowFile(path=file2, oldRow='ucredit =', newRow='ucredit = -3')  # at least 3 uppercase letters
    tm.changeRowFile(path=file2, oldRow='lcredit =', newRow='lcredit = -2')  # at least 2 lowercase letters
    tm.changeRowFile(path=file2, oldRow='ocredit =', newRow='ocredit = -1')  # at least 1 other character
    test.showActionMsg('change data to file %s' % file2)
    # NOTE(review): authconfig can regenerate system-auth-ac; confirm the manual
    # remember=5 edit above survives this call before relying on it.
    test.runCmdFromRoot(cmd='authconfig --update', code=0)
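# set up -------------------------------------------------------------------
test.showSetUpBlock()
# presumably saves a copy of file1 (looks like the auditd configuration) for
# later restore; helper and path are not shown in this excerpt
test.createCopyFile(file1)
# testing ------------------------------------------------------------------
test.showTestingBlock()
# Free space on /home available to unprivileged users, in whole MiB.
# Floor division keeps the value an integer on both Python 2 and Python 3, so
# the space_left row never receives a fractional number.
# NOTE(review): auditd evaluates space_left against the filesystem that holds
# its own log file; /home is only representative if both share a filesystem.
st = os.statvfs("/home")
du = st.f_bsize * st.f_bavail // 1024 // 1024
# Put the threshold 1000 MiB above what is currently free, so the low-space
# condition is already met when auditd starts.
du = du + 1000
tm.changeRowFile(path=file1, oldRow='space_left =', newRow='space_left = %s' % str(du), start=True)
# When the threshold is crossed auditd should send mail to root.
tm.changeRowFile(path=file1, oldRow='space_left_action =', newRow='space_left_action = EMAIL', start=True)
tm.changeRowFile(path=file1, oldRow='action_mail_acct =', newRow='action_mail_acct = root', start=True)
test.showActionMsg('change data to file %s' % file1)
test.runCmdFromRoot(cmd='service auditd restart', code=0)
# Give auditd a moment to evaluate the threshold after the restart.
time.sleep(3)
# Read the whole of file2 (path defined outside this excerpt); the context
# manager closes the handle even if reading fails.
with open(file2, "r+") as f:
    rows = f.readlines()
today = datetime.today()
status = False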
try:
    # NOTE: the except/finally belonging to this try lies outside the visible excerpt.
    # info -----------------------------------------------------------------
    test.showInfoBlock()
    # set up ---------------------------------------------------------------
    test.showSetUpBlock()
    test.installPack('pam_usb')
    # presumably saves copies of both PAM files for later restore; helper and
    # the values of file1/file2 are not shown in this excerpt
    test.createCopyFile(file1)
    test.createCopyFile(file2)
    # Insert pam_usb as a *required* auth module ahead of pam_env in both
    # stacks: every authentication through them then depends on the USB token.
    # NOTE(review): with "required", a missing or unregistered device fails
    # authentication for these stacks; make sure the restore path runs even
    # when the test aborts.
    tm.changeRowFile(
        path=file1,
        oldRow='auth required pam_env.so',
        newRow='auth required pam_usb.so\nauth required pam_env.so',
        start=True)
    tm.changeRowFile(
        path=file2,
        oldRow='auth required pam_env.so',
        newRow='auth required pam_usb.so\nauth required pam_env.so',
        start=True)
    # testing --------------------------------------------------------------
    test.showTestingBlock()
    # Register the attached USB device under the name 'Auth-Stick'; the piped
    # 'y' answers pamusb-conf's confirmation prompt non-interactively.
    test.runCmdFromRoot(cmd="echo 'y' | pamusb-conf --add-device 'Auth-Stick'", code=0)
# Baseline: create a directory and a file as the first user and check the modes
# produced by the current default umask (002 -> 775 for directories, 664 for files).
# dir1/file1/dir2/file2/file3 are defined outside this excerpt and are
# interpolated into the shell command unquoted.
test.runCmdFirstUser(cmd="mkdir %s" % dir1, code=0)
test.runCmdFirstUser(cmd="touch %s" % file1, code=0)
out2 = test.runCmdFirstUser(cmd="ls -ld %s" % dir1, code=0)['output'].split('\n')[0]
out3 = test.runCmdFirstUser(cmd="ls -l %s" % file1, code=0)['output'].split('\n')[0]
# The trailing '.' in the expected mode string is what ls prints for an entry
# that carries an SELinux security context, so these checks assume a labelled
# filesystem.
if out2.find('drwxrwxr-x.') == -1:
    # message text: "Access-permission mismatch for %s"
    test.addResult(msg=u'Несоответствие прав доступа к %s' % dir1, wait='drwxrwxr-x.', taken=out2)
if out3.find('-rw-rw-r--.') == -1:
    test.addResult(msg=u'Несоответствие прав доступа к %s' % file1, wait='-rw-rw-r--.', taken=out3)
# Tighten the default: umask 077 strips all group and other permissions from
# newly created files and directories.
tm.changeRowFile(path=file3, oldRow='umask 002', newRow=' umask 077')
test.showActionMsg('change file %s' % file3)
out4 = test.runCmdFirstUser(cmd="umask -S", code=0)['output'].split('\n')[0]
if out4 != 'u=rwx,g=,o=':
    # message text: "Default attributes mismatch"
    test.addResult(msg=u'Несоответствие атрибутов по умолчанию', wait='u=rwx,g=,o=', taken=out4)
# Repeat the creation check under the new umask: the directory must be owner-only.
test.runCmdFirstUser(cmd="mkdir %s" % dir2, code=0)
test.runCmdFirstUser(cmd="touch %s" % file2, code=0)
out2 = test.runCmdFirstUser(cmd="ls -ld %s" % dir2, code=0)['output'].split('\n')[0]
out3 = test.runCmdFirstUser(cmd="ls -l %s" % file2, code=0)['output'].split('\n')[0]
if out2.find('drwx------.') == -1:
    test.addResult(msg=u'Несоответствие прав доступа к %s' % dir2, wait='drwx------.', taken=out2)
# (the matching check on out3 for file2 is not part of this excerpt)
# Excerpt begins mid-statement: the next line is the tail of a call whose start
# is not visible. It and the check after it presumably close the checkAuth()
# helper that is called further down; the indentation here is reconstructed.
        code=code)
    # When an expected error text was supplied, require it in the command's
    # error output and record a failure otherwise.
    if search != None:
        if not search in res['error']:
            # message text: "Error while checking authentication"
            test.addResult(msg=u'Ошибка при проверке аутентификации', wait=search, taken=res['error'])

# Two attempts expected to fail (code=1) followed by one expected to succeed
# (code=0). The password literals appear masked in this listing.
checkAuth(pas='******', code=1)
checkAuth(pas='******', code=1)
checkAuth(pas='******', code=0)
# presumably saves a copy of the PAM file for later restore; helper not shown
test.createCopyFile(file1)
# Account lockout with pam_faillock: deny=2 locks the account after two failed
# attempts, unlock_time=300 releases it after 300 seconds, and audit logs the
# attempted user name. The preauth line runs before the password check.
tm.changeRowFile(
    path=file1,
    oldRow='auth required pam_env.so',
    newRow='auth required pam_env.so\nauth required pam_faillock.so preauth silent audit deny=2 unlock_time=300',
    start=True)
# The authfail line sits after pam_unix so that it is reached only when the
# password check did not succeed; it records the failure and [default=die]
# ends the stack there. deny/unlock_time must match the preauth line.
tm.changeRowFile(
    path=file1,
    oldRow='auth sufficient pam_unix.so nullok try_first_pass',
    newRow='auth sufficient pam_unix.so nullok try_first_pass\n'
    'auth [default=die] pam_faillock.so authfail audit deny=2 unlock_time=300',
    start=True)
# The account-phase entry completes the faillock setup alongside the two auth lines.
tm.changeRowFile(
    path=file1,
    oldRow='account required pam_permit.so',
    newRow='account required pam_permit.so\naccount required pam_faillock.so',
    start=True)
# Tail of the previous sub-test: close the SSH session and evaluate the two
# collected values (time1/time2 and analysis() are defined outside this excerpt).
test.sshDisconnect()
analysis(data1=time1, data2=time2)
# --------------------------------------------------------------------------
# Section label; the message reads "Item в" (the third sub-item).
tm.showMsg(u'Пункт в')
test.createCopyFile(file1)
# Append a pam_time rule (fields: services ; ttys ; users ; times). For the
# login and gdm-password services, on any terminal and for any user, access is
# allowed at all times except weekend days (!Wd0000-2400).
test.runCmdFromRoot(cmd="echo 'login | gdm-password ; * ; * ; !Wd0000-2400' >> %s" % file1, code=0)
test.createCopyFile(file2)
test.createCopyFile(file3)
# Enable pam_time in the account phase of two PAM stacks, ahead of pam_unix.
tm.changeRowFile(path=file2,
                 oldRow='account required pam_unix.so',
                 newRow='account required pam_time.so\naccount required pam_unix.so',
                 start=True)
tm.changeRowFile(path=file3,
                 oldRow='account required pam_unix.so',
                 newRow='account required pam_time.so\naccount required pam_unix.so',
                 start=True)
# Remember today's date, presumably so the clock can be put back afterwards
# (the restore is not part of this excerpt).
currentNow = datetime.strftime(datetime.now(), "%Y-%m-%d")
# Move the system clock to 2018-09-26, a Wednesday, i.e. a day the rule permits.
test.runCmdFromRoot(cmd='date +%Y%m%d -s "20180926"', code=0)
time.sleep(2)
# On a permitted day switching between the two test users must succeed.
# NOTE(review): the rule names the login and gdm-password services while this
# check goes through su; unless file2/file3 feed the su stack and the rule
# covers it, these calls would succeed regardless of pam_time. Confirm.
# The test-account password is embedded in the command line, so it is only
# suitable for disposable test hosts.
test.runCmdFirstUser(cmd="echo 'qqqwww' | su %s" % secondUser, code=0)
test.runCmdSecondUser(cmd="echo 'qqqwww' | su %s" % firstUser, code=0)