37 lines
1.1 KiB
Python
37 lines
1.1 KiB
Python
|
#!/usr/bin/python
|
||
|
|
#coding: utf-8
|
||
|
|
|
||
|
|
import os, re, public
|
||
|
|
|
||
|
|
|
||
|
|
_title = 'Check password reuse limit'
|
||
|
|
_version = 1.0 # 版本
|
||
|
|
_ps = "Detect whether to limit password reuse times" # 描述
|
||
|
|
_level = 2 # 风险级别: 1.提示(低) 2.警告(中) 3.危险(高)
|
||
|
|
_date = '2023-03-10' # 最后更新时间
|
||
|
|
_ignore = os.path.exists("data/warning/ignore/sw_passwd_repeat.pl")
|
||
|
|
_tips = [
|
||
|
|
"Configuration file backup: cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth.bak",
|
||
|
|
"Add or modify remember=5 after [password sufficient] in [/etc/pam.d/system-auth] file"
|
||
|
|
]
|
||
|
|
_help = ''
|
||
|
|
_remind = 'This scheme enhances server access control protection by limiting the number of times login passwords are reused. '
|
||
|
|
|
||
|
|
def check_run():
|
||
|
|
'''
|
||
|
|
@name 开始检测
|
||
|
|
@return tuple (status<bool>,msg<string>)
|
||
|
|
'''
|
||
|
|
try:
|
||
|
|
cfile = '/etc/pam.d/system-auth'
|
||
|
|
conf = public.readFile(cfile)
|
||
|
|
rep = r"password(\s*)sufficient.*remember(\s*)=(\s*)[1-9]+"
|
||
|
|
tmp = re.search(rep, conf)
|
||
|
|
if tmp:
|
||
|
|
return True, 'Risk-free'
|
||
|
|
else:
|
||
|
|
return False, 'Unlimited password reuse'
|
||
|
|
except:
|
||
|
|
return True, 'Risk-free'
|
||
|
|
|