iaintshootinmis
commented
6 years ago I'll take a swing at this. Where do I need to store the function? (I'm not great at this, but it looks easy enough to code and produce some formatted output. )
Closed sigio closed 4 years ago
iaintshootinmis
commented
6 years ago I'll take a swing at this. Where do I need to store the function? (I'm not great at this, but it looks easy enough to code and produce some formatted output. )
mboelen
commented
6 years ago Hi @justinamcafee - You can add it as a separate test (e.g. AUTH-9350), if you are still up for it.
chr0mag
commented
5 years ago Much of this is already covered:
Since AUTH-9282/9283 already inspect passwd --status --all it would be simple to check for locked
accounts here as well by adding:
FIND3=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }')...and then adding a new test case (eg. AUTH-9284) to output the locked accounts.
@mboelen Should system accounts be ignored when listing locked accounts? Most (all?) accounts with 0<UID<1000 and UID<65534 (nobody user) are locked so reporting this may not be helpful.
jotasprout
commented
4 years ago I see this was reopened 9 days ago -- what needs to be done?
mboelen
commented
4 years ago Sorry for lack of response on this one. Finishing the major 3.x release had priority, which is now completed.
@chr0mag yes, might make sense to ignore system accounts @jotasprout feel free to pick it up with the suggestion made by @chr0mag
github-actions[bot]
commented
4 years ago Stale issue message
danielorihuela
commented
4 years ago Hi guys, I made a PR adding a test for the locked accounts. Is my first PR to the project, any feedback is appreciated.
Thanks.
It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts: