我的问题是,我如何编辑脚本,以便如果密码的最小长度大于或等于10,那么它将显示“漏洞:否”?
谢谢。 :)
我的脚本
#!/bin/bash
passminlen=`grep "^minlen /etc/security/pwquality.conf`
if [[ $passminlen == "minlen=10" ]]
then
isVulnerable="no"
else
isVulnerable="Yes"
fi
echo
echo "Audit Criteria: Password minimum length is 10 or greater"
echo "Vulnerability: $isVulnerable"
echo "Details: See Below"
echo
echo "Source of info:"
echo "grep ^minlen /etc/security/pwquality.conf
echo
echo "Output: $passminlen"
echo
echo "Remediation: "
echo "If password minimum length is lesser than 10 please edit the following under /etc/security/pwquality.conf."
echo
您可以使用awk -F= '$1=="minlen" {print $2}' /etc/security/pwquality.conf来获得最小长度的纯数字。 -F=告诉awk在“ =”字符上分割行,然后脚本检查字段#1(在“ =”之前的内容)是否为“ minlen”,如果是,则打印字段#2(在字段之后的内容)。 “ =”)。
还有一些其他注意事项;首先,可能未定义minlen,因此需要进行检查。您可能要检查多个定义。另外,在bash中进行数字比较时,最简单的方法是使用(( ))而不是[[ ]]。而且我建议使用$( )而不是反引号。
类似这样的东西:
passminlen=$(awk -F= '$1=="minlen" {print $2}' /etc/security/pwquality.conf)
if [[ -z "$passminlen" ]]
then # Minimum length is not defined
isVulnerable="yes"
elif [[ "$passminlen" = *$'\n'* ]]
then # Minimum length is multiply defined; this is weird
isVulnerable="yes"
elif (( $passminlen" >= 10 ))
then
isVulnerable="no"
else
isVulnerable="Yes"
fi
考虑到您的grep中的错字(^=),它可能永远无法工作。
顺便说一句,您要做的是检查conf文件中“ minlen”的值,因此您应该破坏grep的结果,只取=之后的值>
E.G。
#!/bin/bash passminlen="$(grep -e "^minlen" /etc/security/pwquality.conf)" if [ "${passminlen#*=}" -ge 10 ]; then isVulnerable="no" else isVulnerable="Yes" fi注意:
$(...)命令替代而不是反引号。