!341 新增基线扫描项'06非root的账号不能为0'

Merge pull request !341 from a-alpha/alpha-dev
2023-11-16 07:29:11 +00:00 · 2023-11-16 07:29:11 +00:00 · 2b5a3da0c5
parent ec99252c79 15c87cb01c
commit 2b5a3da0c5
4 changed files with 189 additions and 0 deletions
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.py
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.py
@ -0,0 +1,74 @@
+
+import os
+import sys
+
+################################
+# 常量
+
+# for get_env_lang()
+STR_GET_ENV_LANG_ZH     = "语言环境为中文"
+STR_GET_ENV_LANG_EN     = "语言环境为英文"
+STR_GET_ENV_LANG_UNKNOW = "语言环境未知"
+
+################################
+# 环境检查函数
+
+def get_env_lang():
+#    lang = os.getenv("LANG")
+#    if lang.startswith("zh"):
+#        return STR_GET_ENV_LANG_ZH
+#    elif lang.startswith("en"):
+#        return STR_GET_ENV_LANG_EN
+#    else:
+#        return STR_GET_ENV_LANG_UNKNOW
+#
+    if arg_lang == "zh":
+        return STR_GET_ENV_LANG_ZH
+    elif arg_lang == "en":
+        return STR_GET_ENV_LANG_EN
+    else:
+        return STR_GET_ENV_LANG_UNKNOW
+
+def is_root():
+    if os.geteuid() == 0:
+        print(STR_IS_ROOT_TRUE)
+        return True
+    else:
+        print(STR_IS_ROOT_FALSE)
+        return False
+
+################################
+# 辅助函数
+def l_print(zh_str, en_str) :
+    if STR_GET_ENV_LANG_ZH == get_env_lang() :
+        print(zh_str);
+    else :
+        print(en_str);
+
+
+################################
+# 功能函数
+def useradd_uid0():
+    cmd1= 'sudo userdel -rf test1 > /dev/null 2>&1'
+    cmd2= 'sudo groupdel  test1 > /dev/null 2>&1'
+    os.system(cmd1)
+    os.system(cmd2)
+    output = os.popen('sudo useradd test1 -u 0  2>&1').read().strip() 
+
+    if "UID 0 并不唯一" in output :
+        l_print("[OK] 测试通过",
+                "[OK] pass")
+    else:
+        l_print("[ERROR] 测试未通过",
+                "[ERROR] fail")
+
+################################
+# main
+if __name__ == "__main__":
+    if len(sys.argv)>1:
+        arg_lang = sys.argv[1]
+    else:
+        arg_lang = 'zh'
+
+    useradd_uid0()
+    exit(0)
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.yaml
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.yaml
@ -0,0 +1,22 @@
+FormatVer: 20230623
+Id: useradd_uid0
+Belong: baseline
+SiteInfo:
+    Name: 06非root的账号不能为0
+Power : "root"
+SiteRequests:
+    Implement:
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : 06非root的账号不能为0.py
+              Args :
+        Inter:
+            - "[ERROR]"
+        Condition: None
+RepairArgs:
+    - Inter : python3
+      InterArgs :
+      Exec :
+      Args :
+      RepairPower: #root # root权限或者普通用户权限
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.py
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.py
@ -0,0 +1,71 @@
+
+import os
+import sys
+
+################################
+# 常量
+
+# for get_env_lang()
+STR_GET_ENV_LANG_ZH     = "语言环境为中文"
+STR_GET_ENV_LANG_EN     = "语言环境为英文"
+STR_GET_ENV_LANG_UNKNOW = "语言环境未知"
+
+################################
+# 环境检查函数
+
+def get_env_lang():
+#    lang = os.getenv("LANG")
+#    if lang.startswith("zh"):
+#        return STR_GET_ENV_LANG_ZH
+#    elif lang.startswith("en"):
+#        return STR_GET_ENV_LANG_EN
+#    else:
+#        return STR_GET_ENV_LANG_UNKNOW
+#
+    if arg_lang == "zh":
+        return STR_GET_ENV_LANG_ZH
+    elif arg_lang == "en":
+        return STR_GET_ENV_LANG_EN
+    else:
+        return STR_GET_ENV_LANG_UNKNOW
+
+def is_root():
+    if os.geteuid() == 0:
+        print(STR_IS_ROOT_TRUE)
+        return True
+    else:
+        print(STR_IS_ROOT_FALSE)
+        return False
+
+################################
+# 辅助函数
+def l_print(zh_str, en_str) :
+    if STR_GET_ENV_LANG_ZH == get_env_lang() :
+        print(zh_str);
+    else :
+        print(en_str);
+
+
+################################
+# 功能函数
+def etc_shadow():
+    output = os.popen('sudo cat /etc/shadow | grep $ | grep -v ^# 2>&1').read().strip() 
+ 
+
+    if "$" in output:
+       l_print("[OK] 测试通过",
+                 "[OK] pass")
+    else:
+       l_print("[ERROR] 测试未通过",
+                "[ERROR] fail")
+
+################################
+# main
+if __name__ == "__main__":
+    if len(sys.argv)>1:
+        arg_lang = sys.argv[1]
+    else:
+        arg_lang = 'zh'
+
+    etc_shadow()
+    exit(0)
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.yaml
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.yaml
@ -0,0 +1,22 @@
+FormatVer: 20230623
+Id: etc_shadow
+Belong: baseline
+SiteInfo:
+    Name: 60存储敏感数据的文件加密存储
+Power : "root"
+SiteRequests:
+    Implement:
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : 60存储敏感数据的文件加密存储.py
+              Args :
+        Inter:
+            - "[ERROR]"
+        Condition: None
+RepairArgs:
+    - Inter : python3
+      InterArgs :
+      Exec :
+      Args :
+      RepairPower: #root # root权限或者普通用户权限