需要自备弱密码明文字典
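from _utils.patrol2 import data_format, report_format, run_cmd
import crypt
import platform
import shlex

# Weak-password audit over /etc/shadow.
#
# Names used below but not defined in this file; they are expected to be set
# by whatever executes this script (presumably the patrol framework - confirm):
#   passwd         sequence whose first item is the path of the plaintext
#                  dictionary (one candidate password per line)
#   remove_users   comma-separated user names to leave out of the audit
#   passwd_length  threshold for the awk length test on the shadow hash field
# The result is left in the module-level name `reports`.
#
# NOTE(review): the status returned by run_cmd (`code`) is never checked. If
# awk cannot read /etc/shadow (for example when not run with sufficient
# privilege) the parsed output is empty and the check reports '正常'. Confirm
# run_cmd's status convention and make the check fail closed.

with open(passwd[0], 'r') as f:
    # Drop only the line terminator: a candidate that still carries '\n'
    # hashes to something else and could never match a shadow entry.
    content = [line.rstrip('\r\n') for line in f]


def use_md5(password, salt):
    """Return True if a dictionary word hashes to the given md5-crypt value.

    password -- last '$'-separated field of the shadow entry (the hash)
    salt     -- salt field of the shadow entry

    Every argument is passed through shlex.quote, so a dictionary word or salt
    containing quotes or shell metacharacters cannot alter the command line.
    Assumes run_cmd hands the string to a POSIX shell - confirm.
    NOTE(review): each candidate is still placed on the openssl command line
    and is therefore visible in the process list while the command runs.
    """
    quoted_salt = shlex.quote(salt)
    for word in content:
        cmd = "openssl passwd -1 -salt {} {}".format(quoted_salt, shlex.quote(word))
        code, res = run_cmd(cmd)
        if res.split('$')[-1].strip() == password:
            return True
    return False


def use_SHA512(id, password, salt):
    """Return True if a dictionary word hashes to the given SHA-crypt value.

    id       -- scheme id from the shadow entry ('5' or '6' at the call site)
    password -- last '$'-separated field of the shadow entry (the hash)
    salt     -- everything between the id and the hash; this may include a
                'rounds=N$' prefix, which crypt() accepts as part of the setting
    """
    setting = '${}${}'.format(id, salt)
    for word in content:
        computed = crypt.crypt(word, setting)
        # crypt() returns the whole '$id$salt$hash' string, while `password`
        # is only the hash field. Comparing the two directly never matches,
        # which would silently hide every weak SHA-256/SHA-512 password.
        if computed and computed.rsplit('$', 1)[-1] == password:
            return True
    return False


weak_passwd = []
remove_users = remove_users.split(',')
low_length_users = []

# The awk test measures the length of the shadow hash field, not of the
# password itself, so in practice it flags empty or placeholder fields.
cmd = "awk -F: 'length($2)<={} {{print $1}}' /etc/shadow".format(passwd_length)
code, res = run_cmd(cmd)
for line in res.splitlines():
    name = line.strip()
    # Skip blank lines so that empty output does not add a nameless "user".
    if name and name not in remove_users:
        low_length_users.append(name)

blowfish = []
nocrypt = []
cmd = "awk -F: '{print $1,$2}' /etc/shadow"
code, res = run_cmd(cmd)
for line in res.splitlines():
    fields = line.split()
    if not fields:
        continue
    user_name = fields[0]
    if user_name in remove_users:
        continue
    # An empty hash field leaves only the user name on the line; treat it as ''
    # instead of failing on a missing second column. A separate name is used so
    # the `passwd` input is not overwritten.
    pw_field = fields[1] if len(fields) > 1 else ''
    if pw_field in ('!!', ''):
        if user_name not in low_length_users:
            low_length_users.append(user_name)
    elif pw_field.startswith('$'):
        # Entries can have more than three '$' fields (e.g. '$6$rounds=N$salt$hash'
        # or ids with an extra parameter field), so do not unpack a fixed count.
        parts = pw_field.split('$')
        scheme = parts[1]
        hashed = parts[-1]
        salt = '$'.join(parts[2:-1])
        if scheme == '1':
            if use_md5(hashed, salt):
                weak_passwd.append(user_name)
        elif scheme in ('6', '5'):
            if use_SHA512(scheme, hashed, salt):
                weak_passwd.append(user_name)
        elif scheme in ('2a', '2y'):
            blowfish.append(user_name)
        else:
            # Scheme ids this script does not test are reported, not guessed at.
            nocrypt.append(user_name)

result = []
if low_length_users:
    result.append('密码长度不足或空密码:{}'.format(','.join(low_length_users)))
if weak_passwd:
    result.append('密码强度不足:{}'.format(','.join(weak_passwd)))
if blowfish:
    result.append('使用了blowfish加密方式,建议使用sha512方式:{}'.format(','.join(blowfish)))
if nocrypt:
    result.append('无法识别加密类型:{}'.format(','.join(nocrypt)))

if not result:
    report = data_format('检查结果', '正常', 0)
else:
    report = data_format('检查结果', ' '.join(result), 1)
reports = report_format(platform.node(), [report], is_json=True)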