accounts_password_set_min_life_existing: tests: Attempt to unite the

tests independent of the benchmark.
ComplianceAsCode · Jan 6, 2023 · 2ef1c60 · 2ef1c60
1 parent 4c10dee
commit 2ef1c60
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 38 deletions.
diff --git a/...word_expiration/accounts_password_set_min_life_existing/tests/correct_min_pas_age.pass.sh b/...word_expiration/accounts_password_set_min_life_existing/tests/correct_min_pas_age.pass.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
+# variables = var_accounts_minimum_age_login_defs=1,var_accounts_maximum_age_login_defs=60
 
-SECURE_MIN_PASS_AGE=1
-
-usrs_min_pass_age=( $(awk -v min="$SECURE_MIN_PASS_AGE" -F: '(/^[^:]+:[^!*]/ && ($4 < min || $4 == "")) {print $1}' /etc/shadow) )
-for i in ${usrs_min_pass_age[@]};
-do
-  chage -m $SECURE_MIN_PASS_AGE $i
+# make existing entries pass
+for acct in $(awk -F: '(/^[^:]+:[^!*]/ && ($4 < 1 || $4 == "")) {print $1}' /etc/shadow ); do
+    chage -m 1 -d $(date +%Y-%m-%d) $acct
 done
+echo 'max-test-user:$1$q.YkdxU1$ADmXcU4xwPrM.Pc.dclK81:18648:1:60::::' >> /etc/shadow
+echo "max-test-user:x:50000:1000::/:/usr/bin/bash" >> /etc/passwd
diff --git a/...tests/correct_stig_noninteractive.pass.sh → ...orrect_min_pas_age_noninteractive.pass.sh b/...tests/correct_stig_noninteractive.pass.sh → ...orrect_min_pas_age_noninteractive.pass.sh
@@ -1,9 +1,8 @@
 #!/bin/bash
-
 # variables = var_accounts_minimum_age_login_defs=1,var_accounts_maximum_age_login_defs=60
 
 # make existing entries pass
-for acct in $(awk -F: '{print $1}' /etc/shadow ); do
+for acct in $(awk -F: '(/^[^:]+:[^!*]/ && ($4 < 1 || $4 == "")) {print $1}' /etc/shadow ); do
     chage -m 1 -d $(date +%Y-%m-%d) $acct
 done
 # Noninteractive users are a pass

diff --git a/...ns/password_expiration/accounts_password_set_min_life_existing/tests/correct_stig.pass.sh b/...ns/password_expiration/accounts_password_set_min_life_existing/tests/correct_stig.pass.sh
diff --git a/...d_expiration/accounts_password_set_min_life_existing/tests/incorrect_min_pass_age.fail.sh b/...d_expiration/accounts_password_set_min_life_existing/tests/incorrect_min_pass_age.fail.sh
@@ -1,8 +1,11 @@
 #!/bin/bash
-BAD_PAS_AGE=-1
+# variables = var_accounts_minimum_age_login_defs=1
+# packages = passwd
 
-USERNAME="testuser_123"
-useradd $USERNAME
-echo "cac_test_pass" | passwd --stdin $USERNAME
-
-passwd -n $BAD_PAS_AGE $USERNAME
+# make existing entries pass
+for acct in $(awk -F: '(/^[^:]+:[^!*]/ && ($4 < 1 || $4 == "")) {print $1}' /etc/shadow ); do
+    chage -m 1 -d $(date +%Y-%m-%d) $acct
+done
+# add a failing entry
+echo 'max-test-user:$1$q.YkdxU1$ADmXcU4xwPrM.Pc.dclK81:18648:0:60::::' >> /etc/shadow
+echo "max-test-user:x:50000:1000::/:/usr/bin/bash" >> /etc/passwd
diff --git a/...isting/tests/incorrect_stig_blank.fail.sh → ...ests/incorrect_min_pass_age_blank.fail.sh b/...isting/tests/incorrect_stig_blank.fail.sh → ...ests/incorrect_min_pass_age_blank.fail.sh
@@ -1,10 +1,9 @@
 #!/bin/bash
-
 # variables = var_accounts_minimum_age_login_defs=1
 # packages = passwd
 
 # make existing entities pass
-for acct in $(awk -F: '{print $1}' /etc/shadow ); do
+for acct in $(awk -F: '(/^[^:]+:[^!*]/ && ($4 < 1 || $4 == "")) {print $1}' /etc/shadow ); do
     chage -m 1 -d $(date +%Y-%m-%d) $acct
 done
 # Add a failing item.

diff --git a/.../password_expiration/accounts_password_set_min_life_existing/tests/incorrect_stig.fail.sh b/.../password_expiration/accounts_password_set_min_life_existing/tests/incorrect_stig.fail.sh