My question is, how do i edit the script such that if PASS_MAX_DAYS is equals to 14 days or less then it equals to “Vulnerability: No”?
My Script
#!/bin/bash
passwordexpiry=`grep "^PASS_MAX_DAYS" /etc/login.defs`
if [[ $(passwordexpiry) == "PASS_MAX_DAYS 99999" ]]
then
isVulnerable="Yes"
else
isVulnerable="No"
fi
echo "Audit criteria: The passowrds expires every 2 weeks"
echo "Vulnerability: ${isVulnerable}"
echo "Details: See below"
echo
echo "Command:"
echo "grep "^PASS_MAX_DAYS" /etc/login.defs"
echo
echo "Output:"
echo ${passwordexpiry}
echo
Advertisement
Answer
You can use grep -oP "^PASS_MAX_DAYSs+K([0-9]+)" /etc/login.defs to extract the value :
#!/bin/bash
max=14
passwordexpiry=`grep -oP "^PASS_MAX_DAYSs+K([0-9]+)" /etc/login.defs`
if [ "$passwordexpiry" -le "$max" ]
then
isVulnerable="No"
else
isVulnerable="Yes"
fi
echo "$isVulnerable"
K starts the match from the position of the value ([0-9]+)