From 7fe9101b2d363c0855ce5ba341e116a2a9408dd2 Mon Sep 17 00:00:00 2001
From: chenxinquan <chenxinquan@kylinos.cn>
Date: Thu, 16 Nov 2023 15:26:27 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=9F=BA=E7=BA=BF?=
 =?UTF-8?q?=E6=89=AB=20=E6=8F=8F=E9=A1=B9'06=E9=9D=9Eroot=E7=9A=84?=
 =?UTF-8?q?=E8=B4=A6=E5=8F=B7=E4=B8=8D=E8=83=BD=E4=B8=BA0'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../6/06非root的账号不能为0.py                | 74 +++++++++++++++++++
 .../6/06非root的账号不能为0.yaml              | 22 ++++++
 2 files changed, 96 insertions(+)
 create mode 100755 data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.py
 create mode 100755 data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.yaml

diff --git a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.py b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.py
new file mode 100755
index 0000000..0fb0c5c
--- /dev/null
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.py
@@ -0,0 +1,74 @@
+
+import os
+import sys
+
+################################
+# 常量
+
+# for get_env_lang()
+STR_GET_ENV_LANG_ZH     = "语言环境为中文"
+STR_GET_ENV_LANG_EN     = "语言环境为英文"
+STR_GET_ENV_LANG_UNKNOW = "语言环境未知"
+
+################################
+# 环境检查函数
+
+def get_env_lang():
+#    lang = os.getenv("LANG")
+#    if lang.startswith("zh"):
+#        return STR_GET_ENV_LANG_ZH
+#    elif lang.startswith("en"):
+#        return STR_GET_ENV_LANG_EN
+#    else:
+#        return STR_GET_ENV_LANG_UNKNOW
+#
+    if arg_lang == "zh":
+        return STR_GET_ENV_LANG_ZH
+    elif arg_lang == "en":
+        return STR_GET_ENV_LANG_EN
+    else:
+        return STR_GET_ENV_LANG_UNKNOW
+
+def is_root():
+    if os.geteuid() == 0:
+        print(STR_IS_ROOT_TRUE)
+        return True
+    else:
+        print(STR_IS_ROOT_FALSE)
+        return False
+
+################################
+# 辅助函数
+def l_print(zh_str, en_str) :
+    if STR_GET_ENV_LANG_ZH == get_env_lang() :
+        print(zh_str);
+    else :
+        print(en_str);
+
+
+################################
+# 功能函数
+def useradd_uid0():
+    cmd1= 'sudo userdel -rf test1 > /dev/null 2>&1'
+    cmd2= 'sudo groupdel  test1 > /dev/null 2>&1'
+    os.system(cmd1)
+    os.system(cmd2)
+    output = os.popen('sudo useradd test1 -u 0  2>&1').read().strip() 
+
+    if "UID 0 并不唯一" in output :
+        l_print("[OK] 测试通过",
+                "[OK] pass")
+    else:
+        l_print("[ERROR] 测试未通过",
+                "[ERROR] fail")
+
+################################
+# main
+if __name__ == "__main__":
+    if len(sys.argv)>1:
+        arg_lang = sys.argv[1]
+    else:
+        arg_lang = 'zh'
+
+    useradd_uid0()
+    exit(0)
diff --git a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.yaml b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.yaml
new file mode 100755
index 0000000..d1e4e61
--- /dev/null
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/6/06非root的账号不能为0.yaml
@@ -0,0 +1,22 @@
+FormatVer: 20230623
+Id: useradd_uid0
+Belong: baseline
+SiteInfo:
+    Name: 06非root的账号不能为0
+Power : "root"
+SiteRequests:
+    Implement:
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : 06非root的账号不能为0.py
+              Args :
+        Inter:
+            - "[ERROR]"
+        Condition: None
+RepairArgs:
+    - Inter : python3
+      InterArgs :
+      Exec :
+      Args :
+      RepairPower: #root # root权限或者普通用户权限

From 15c87cb01c8eb1456fc918b6320776b6da5eb709 Mon Sep 17 00:00:00 2001
From: chenxinquan <chenxinquan@kylinos.cn>
Date: Thu, 16 Nov 2023 15:26:57 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=9F=BA=E7=BA=BF?=
 =?UTF-8?q?=E6=89=AB=20=E6=8F=8F=E9=A1=B9'60=E5=AD=98=E5=82=A8=E6=95=8F?=
 =?UTF-8?q?=E6=84=9F=E6=95=B0=E6=8D=AE=E7=9A=84=E6=96=87=E4=BB=B6=E5=8A=A0?=
 =?UTF-8?q?=E5=AF=86=E5=AD=98=E5=82=A8'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../60/60存储敏感数据的文件加密存储.py        | 71 +++++++++++++++++++
 .../60/60存储敏感数据的文件加密存储.yaml      | 22 ++++++
 2 files changed, 93 insertions(+)
 create mode 100755 data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.py
 create mode 100755 data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.yaml

diff --git a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.py b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.py
new file mode 100755
index 0000000..6f4ac0d
--- /dev/null
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.py
@@ -0,0 +1,71 @@
+
+import os
+import sys
+
+################################
+# 常量
+
+# for get_env_lang()
+STR_GET_ENV_LANG_ZH     = "语言环境为中文"
+STR_GET_ENV_LANG_EN     = "语言环境为英文"
+STR_GET_ENV_LANG_UNKNOW = "语言环境未知"
+
+################################
+# 环境检查函数
+
+def get_env_lang():
+#    lang = os.getenv("LANG")
+#    if lang.startswith("zh"):
+#        return STR_GET_ENV_LANG_ZH
+#    elif lang.startswith("en"):
+#        return STR_GET_ENV_LANG_EN
+#    else:
+#        return STR_GET_ENV_LANG_UNKNOW
+#
+    if arg_lang == "zh":
+        return STR_GET_ENV_LANG_ZH
+    elif arg_lang == "en":
+        return STR_GET_ENV_LANG_EN
+    else:
+        return STR_GET_ENV_LANG_UNKNOW
+
+def is_root():
+    if os.geteuid() == 0:
+        print(STR_IS_ROOT_TRUE)
+        return True
+    else:
+        print(STR_IS_ROOT_FALSE)
+        return False
+
+################################
+# 辅助函数
+def l_print(zh_str, en_str) :
+    if STR_GET_ENV_LANG_ZH == get_env_lang() :
+        print(zh_str);
+    else :
+        print(en_str);
+
+
+################################
+# 功能函数
+def etc_shadow():
+    output = os.popen('sudo cat /etc/shadow | grep $ | grep -v ^# 2>&1').read().strip() 
+ 
+
+    if "$" in output:
+       l_print("[OK] 测试通过",
+                 "[OK] pass")
+    else:
+       l_print("[ERROR] 测试未通过",
+                "[ERROR] fail")
+
+################################
+# main
+if __name__ == "__main__":
+    if len(sys.argv)>1:
+        arg_lang = sys.argv[1]
+    else:
+        arg_lang = 'zh'
+
+    etc_shadow()
+    exit(0)
diff --git a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.yaml b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.yaml
new file mode 100755
index 0000000..6ec85ff
--- /dev/null
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/60/60存储敏感数据的文件加密存储.yaml
@@ -0,0 +1,22 @@
+FormatVer: 20230623
+Id: etc_shadow
+Belong: baseline
+SiteInfo:
+    Name: 60存储敏感数据的文件加密存储
+Power : "root"
+SiteRequests:
+    Implement:
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : 60存储敏感数据的文件加密存储.py
+              Args :
+        Inter:
+            - "[ERROR]"
+        Condition: None
+RepairArgs:
+    - Inter : python3
+      InterArgs :
+      Exec :
+      Args :
+      RepairPower: #root # root权限或者普通用户权限