以下のスクリプトを一度実行しましたが、enforce_for_root一致するものが見つかった場合は行末に追加されました。ただし、何らかの理由でエントリがすでに存在していても、pam_pwquality.soifを入力し続けます。if ! grep -q "enforce_for_root" /etc/pam.d/system-auth
#!/bin/bash
source oem.properties
log_error() {
echo "Error: $1" | /usr/bin/tee $ERROR_LOG
echo "Aborting program ... "
echo " "
exit 10
}
echo " "
echo -n "Generating SSH keys ... "
if [ -f /home/rlee/.ssh/keys/$RSYNC_KEY ]; then
echo "key exists, skipping."
else
sudo -u rlee ssh-keygen -b 4096 -t $RSYNC_KEY_TYPE -f /home/rlee/.ssh/keys/$RSYNC_KEY -C "$RSYNC_KEY_COMMENT" -q -N ""
if [ $? -ne 0 ]; then log_error "Generating SSH keys."; fi
echo "OK"
fi
echo " "
echo "Add the public key to old OEM server."
echo "Create or modify the authorized_keys file on the old server."
echo "vim /home/rsync/.ssh/authorized_keys"
echo " "
echo "Add the following key: "
while true
do
cat /home/rlee/.ssh/keys/$RSYNC_KEY.pub
echo " "
read -p "Press 'C' to continue: " OPTION
if [ $OPTION == 'C' ] || [ $OPTION == 'c' ]; then break; fi
done
echo -n "Testing SSH connection ... "
ssh -p $OLD_OEM_PORT -i /home/rlee/.ssh/keys/$RSYNC_KEY -o StrictHostKeyChecking=no rsync@$OLD_OEM_HOSTNAME exit
if [ $? -ne 0 ]; then log_error "Testing SSH connection ... "; fi
echo "OK"
useradd llee
useradd nagios
# Enforce password policies
echo -n "Setting password policies ... "
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=12 --passmaxrepeat=3 --update
if [ $? -ne 0 ]; then log_error "Setting password policies ... "; fi
echo "OK"
echo -n "Enforcing password policies on root ... "
if ! grep -q "enforce_for_root" /etc/pam.d/system-auth; then
sed -i -e '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-auth
echo "doesn't exist"
fi
if [ $? -ne 0 ]; then log_error "Enforcing password policies on root ... "; fi
exit
adduserこのコードブロックをステートメントの前の任意の場所に移動すると、if ! grep -q "enforce_for_root" /etc/pam.d/system-auth期待どおりに機能しません。
なぜこれが起こるのですか?
#!/bin/bash
log_error() {
echo "Error: $1" | /usr/bin/tee $ERROR_LOG
echo "Aborting program ... "
echo " "
exit 10
}
echo -n "Enforcing password policies on root ... "
if ! grep -q "enforce_for_root" /etc/pam.d/system-auth; then
sed -i -e '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-auth
echo "doesn't exist"
fi
if [ $? -ne 0 ]; then log_error "Enforcing password policies on root ... "; fi
ベストアンサー1
次の行が問題を引き起こしました。
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=12 --passmaxrepeat=3 --update
以下は、コマンドの実行時に受信するメッセージですauthconfig。
Running authconfig compatibility tool.
The purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig.
IMPORTANT: authconfig is replaced by authselect, please update your scripts.
See man authselect-migration(7) to help you with migration to authselect
pwquality.confファイルを修正しました。
echo -n "Setting password policies ... "
sed -i -e '/# minlen =/s/# minlen/minlen/' /etc/security/pwquality.conf
sed -i -e '/# ucredit =/s/# ucredit/ucredit/' /etc/security/pwquality.conf
sed -i -e '/# lcredit =/s/# lcredit/lcredit/' /etc/security/pwquality.conf
sed -i -e '/# dcredit =/s/# dcredit/dcredit/' /etc/security/pwquality.conf
sed -i -e '/# ocredit =/s/# ocredit/ocredit/' /etc/security/pwquality.conf
sed -i -e '/# enforcing =/s/# enforcing/enforcing/' /etc/security/pwquality.conf
sed -i -e '/# enforce_for_root/s/# enforce_for_root/enforce_for_root/' /etc/security/pwquality.conf
sed -i -e 's/minlen = .*/minlen = 12/' /etc/security/pwquality.conf
sed -i -e 's/ucredit = .*/ucredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/lcredit = .*/lcredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/dcredit = .*/dcredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/ocredit = .*/ocredit = 1/' /etc/security/pwquality.conf
echo "OK"