Added check_root_user: make sure that root user does not have a password

2022-04-13 15:57:10 +02:00 · 2022-04-13 15:57:10 +02:00 · 1281891363
parent 3fcab1eeb3
commit 1281891363
2 changed files with 24 additions and 12 deletions
--- a/6
+++ b/6
@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+## [22.04] - 2022-04-13
+
+### Added
+
+- Added check_root_user: make sure that root user does not have a password
+
 ## [22.03] - 2022-03-10

 ### Added
--- a/evocheck.sh
+++ b/evocheck.sh
@ -3,7 +3,7 @@
 # EvoCheck
 # Script to verify compliance of an OpenBSD server powered by Evolix

-readonly VERSION="22.03"
+readonly VERSION="22.04"

 # base functions

@ -484,6 +484,11 @@ check_versions() {

    rm -f "${versions_file}"
 }
+check_root_user() {
+    if [ "$(grep "^root:" /etc/master.passwd | awk -F":" '{print $2}')" != "*************" ]; then
+        failed "IS_ROOT_USER" "root user should not have a password ; replace the password field with 'vipw' for the root user with '*************' (exactly 13 asterisks) "
+    fi
+}

 main() {
    # Default return code : 0 = no error
@ -533,6 +538,7 @@ main() {
    test "${IS_BIND9MUNIN:=1}" = 1 && check_bind9munin
    test "${IS_EVOLIX_USER:=1}" = 1 && check_evolix_user
    test "${IS_VERSIONS_CHECK:=1}" = 1 && check_versions
+    test "${IS_ROOT_USER:=1}" = 1 && check_root_user

    exit ${RC}
 }