/usr/lib/tiger/systems/Linux/2/check_passwdspec is in tiger 1:3.2.3-10.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 2003 Javier Fernandez-Sanguino
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# check_passwdspec: Perform system specific password checks here like
# password aging checks, etc.
#
# 05/14/2005 jfs - Patch from Nicolas François which checks the user strictly
# 05/14/2005 jfs - Better fix for pwd=! (Debian bug #308141)
# 03/21/2005 jfs - Fixed password aging check. Separate all checks so that
# they prevent bugs if pwd="!" (Debian Bug #297889)
# 01/10/2004 cslater - Added logic to skip password aging check if the
# account is disabled (! or * in password)
# 11/19/2003 jfs - Patch from Ryan Bradetich changing acc016w to pass19w
# 08/29/2003 jfs - CHAGE errors redirected to /dev/null and grep is now $GREP
# 08/09/2003 jfs - Renamed to check_passwdspec and added CHAGE to dependancies.
# 07/10/2003 rbradetich@uswest.net - Initial release
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallfiles BASEDIR || exit 1
haveallcmds CUT CHAGE || exit 1
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
haveallfiles BASEDIR || exit 1
haveallcmds CUT CHAGE || exit 1
echo
echo "# Verifying system specific password checks..."
saveifs=$IFS
IFS=:
# Check for password aging
[ -r /etc/passwd ] && {
$CUT -d: -f1,2 /etc/passwd |
while read user pwd
do
[ "$Tiger_Check_PASSWD_SHADOW" = 'Y' ] && [ -s /etc/passwd ] && [ "x$pwd" != "xx" ] && {
message WARN pass20w "" "Login ID $user is not configured to use shadow passwords."
}
# For expiration, pull the password string from /etc/shadow if it exists
[ -r /etc/shadow ] && {
pwd=`$GREP "^$user:" /etc/shadow | $CUT -d: -f2`
}
# Skip this check if the user account is locked
[ "x$pwd" != 'x!' ] && [ "x$pwd" != 'x*' ] && {
if $CHAGE -l $user 2>/dev/null | $GREP "Password Expires:" | $GREP Never >/dev/null 2>&1
then
message WARN pass19w "" "Login ID $user does not have password aging enabled."
fi
}
done
}
IFS=$saveifs
exit 0
|