[PATCH 01/11] Added remediation - account_disable_post_pw_expiration.sh

Tue, 12 Nov 2013 08:33:22 -0800 

>From 117858e359ffe26cf548a82542ede6abe84967ab Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Sun, 10 Nov 2013 00:08:10 -0500
Subject: [PATCH 01/11] Added remediation - account_disable_post_pw_expiration.sh

TESTING:
[root@SSG-RHEL6 checks]# var_account_disable_post_pw_expiration=35; export 
var_account_disable_post_pw_expiration
[root@SSG-RHEL6 checks]# grep INACTIVE /etc/default/useradd
[root@SSG-RHEL6 checks]# ./testcheck.py account_disable_post_pw_expiration.xml
external_variable with id : var_account_disable_post_pw_expiration
Evaluating with OVAL tempfile : 
/tmp/account_disable_post_pw_expirationrAE2Xq.xml
Writing results to : /tmp/account_disable_post_pw_expirationrAE2Xq.xml-results
Definition oval:scap-security-guide.testing:def:245: false
Evaluation done.
[root@SSG-RHEL6 checks]# cd ../fixes/bash/
[root@SSG-RHEL6 bash]# bash account_disable_post_pw_expiration.sh
[root@SSG-RHEL6 bash]# cd -
/var/www/html/scap-security-guide/RHEL6/input/checks
[root@SSG-RHEL6 checks]# ./testcheck.py account_disable_post_pw_expiration.xml
external_variable with id : var_account_disable_post_pw_expiration
Evaluating with OVAL tempfile : 
/tmp/account_disable_post_pw_expirationLrhoFe.xml
Writing results to : /tmp/account_disable_post_pw_expirationLrhoFe.xml-results
Definition oval:scap-security-guide.testing:def:245: true
Evaluation done.
---
 .../bash/account_disable_post_pw_expiration.sh     |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)
 create mode 100644 RHEL6/input/fixes/bash/account_disable_post_pw_expiration.sh

diff --git a/RHEL6/input/fixes/bash/account_disable_post_pw_expiration.sh 
b/RHEL6/input/fixes/bash/account_disable_post_pw_expiration.sh
new file mode 100644
index 0000000..341227f
--- /dev/null
+++ b/RHEL6/input/fixes/bash/account_disable_post_pw_expiration.sh
@@ -0,0 +1,8 @@
+source ./templates/support.sh
+populate var_account_disable_post_pw_expiration
+
+grep -q ^INACTIVE /etc/default/useradd && \
+  sed -i "s/INACTIVE.*/INACTIVE=$var_account_disable_post_pw_expiration/g" 
/etc/default/useradd
+if ! [ $? -eq 0 ]; then
+    echo "INACTIVE=$var_account_disable_post_pw_expiration" >> 
/etc/default/useradd
+fi
-- 
1.7.1


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide






















					Reply via email to