需要自备弱密码明文字典(每行一个候选密码)。
from _utils.patrol2 import data_format,report_format,run_cmd
import platform
import crypt
# Load the operator-supplied plaintext dictionary of weak passwords, one
# candidate per line. Line endings are still attached at this point.
# NOTE(review): ``passwd`` is not defined in this file; it is presumably a
# list of paths supplied by the patrol framework -- confirm.
with open(passwd[0], 'r') as wordlist:
    cOntent = list(wordlist)
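def use_md5(password, salt):
    """Return True if a dictionary word produces the given MD5-crypt digest.

    Every candidate in the module-level ``content`` list is hashed with
    ``openssl passwd -1`` using ``salt``. The text after the last ``$`` of
    the command output is compared with ``password``.

    Args:
        password: digest part of a ``$1$`` shadow field (text after the
            last ``$``).
        salt: salt part of the same shadow field.

    Returns:
        True as soon as one candidate matches, otherwise False.
    """
    import shlex  # local import keeps the file-level import block untouched

    # Salt and candidate are data, not shell syntax. Quoting them stops a
    # dictionary word that contains a quote or a shell metacharacter from
    # breaking or extending the command line.
    # NOTE(review): assumes run_cmd hands the string to a shell -- confirm.
    quoted_salt = shlex.quote(salt)
    for word in content:
        cmd = "openssl passwd -1 -salt {} {}".format(quoted_salt, shlex.quote(word))
        code, res = run_cmd(cmd)
        if res.split('$')[-1].strip() == password:
            return True
    return False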
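def use_SHA512(id, password, salt):
    """Return True if a dictionary word produces the given crypt(3) digest.

    Despite the name, the scheme is chosen by ``id``; the caller in this
    file passes ``'5'`` or ``'6'``. Every candidate in the module-level
    ``content`` list is hashed with ``crypt.crypt`` using the setting string
    ``$<id>$<salt>``.

    Args:
        id: crypt scheme identifier taken from the shadow field.
        password: digest to look for. The caller in this file passes only
            the text after the last ``$``; a full ``$id$salt$digest`` string
            is accepted as well.
        salt: salt part of the shadow field.

    Returns:
        True as soon as one candidate matches, otherwise False.
    """
    # NOTE: the ``crypt`` module is deprecated since Python 3.11 and removed
    # in 3.13; this function needs an interpreter that still ships it.
    setting = '${}${}'.format(id, salt)
    for word in content:
        cry_password = crypt.crypt(word, setting)
        if not cry_password:
            # crypt() can return None when the platform rejects the setting.
            continue
        # crypt() returns the whole "$id$salt$digest" string. Comparing it
        # only with the bare digest never matched, so weak SHA-256/SHA-512
        # passwords went unreported. Compare the digest field as well.
        if password in (cry_password, cry_password.rsplit('$', 1)[-1]):
            return True
    return False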
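# The dictionary lines were read into ``cOntent`` above, but use_md5() and
# use_SHA512() read the module-level name ``content``. Bind the cleaned list
# to ``content`` so the helpers see the candidates without line endings.
content = [word.strip('\r\n') for word in cOntent]

weak_passwd = []       # accounts whose hash matches a dictionary word
low_length_users = []  # accounts with a short, empty or '!!' shadow field
blowfish = []          # accounts whose scheme id is 2a or 2y
nocrypt = []           # accounts whose scheme id this script does not know

# NOTE(review): ``remove_users`` and ``passwd_length`` are not defined in this
# file; presumably the patrol framework supplies them -- confirm.
# Names are stripped so that "a, b" excludes "b" as well as "a".
remove_users = [name.strip() for name in remove_users.split(',')]

# The threshold is interpolated into a shell command, so force it to an
# integer first; anything else raises instead of reaching awk.
# NOTE(review): awk measures the length of the shadow *field* (hash or lock
# marker), not the length of the plaintext password.
cmd = "awk -F: 'length($2)<={} {{print $1}}' /etc/shadow".format(int(passwd_length))
# NOTE(review): ``code`` is ignored here and for the second command. If
# run_cmd fails (for example /etc/shadow is not readable), ``res`` may be
# empty and the check would report a clean result. Confirm run_cmd's return
# convention and fail closed on error.
code, res = run_cmd(cmd)
for line in res.split('\n'):
    name = line.strip()
    # Skip the empty string left by the trailing newline; appending it made
    # the report non-empty even when no account was affected.
    if name and name not in remove_users:
        low_length_users.append(name)

cmd = "awk -F: '{print $1,$2}' /etc/shadow"
code, res = run_cmd(cmd)
for line in res.split('\n'):
    # awk prints "name field". An empty field leaves only the name, so split
    # once on the separator instead of indexing a whitespace split.
    # ``shadow_field`` is used instead of ``passwd`` so the ``passwd`` value
    # read at the top of the script is not overwritten.
    user_name, _, shadow_field = line.strip().partition(' ')
    shadow_field = shadow_field.strip()
    if not user_name or user_name in remove_users:
        continue
    if shadow_field in ('!!', ''):
        if user_name not in low_length_users:
            low_length_users.append(user_name)
    elif shadow_field.startswith('$'):
        # Layout is $scheme$[params$]salt$digest. Fields such as
        # "$6$rounds=5000$salt$digest" have more than four parts, so the
        # middle parts are kept together as the crypt setting.
        parts = shadow_field.split('$')
        if len(parts) < 4:
            nocrypt.append(user_name)
            continue
        scheme, hashed = parts[1], parts[-1]
        salt = '$'.join(parts[2:-1])
        if scheme == '1':
            if use_md5(hashed, salt):
                weak_passwd.append(user_name)
        elif scheme in ('6', '5'):
            if use_SHA512(scheme, hashed, salt):
                weak_passwd.append(user_name)
        elif scheme in ('2a', '2y'):
            blowfish.append(user_name)
        else:
            nocrypt.append(user_name)
    # Any other field (for example '*' or a '!'-prefixed hash) is left
    # unreported, as in the original.

# Build the report. Only account names are listed, never the matched word.
result = []
if low_length_users:
    result.append('密码长度不足或空密码:{}'.format(','.join(low_length_users)))
if weak_passwd:
    result.append('密码强度不足:{}'.format(','.join(weak_passwd)))
if blowfish:
    result.append('使用了blowfish加密方式,建议使用sha512方式:{}'.format(','.join(blowfish)))
if nocrypt:
    result.append('无法识别加密类型:{}'.format(','.join(nocrypt)))
if not result:
    report = data_format('检查结果', '正常', 0)
else:
    report = data_format('检查结果', '\n'.join(result), 1)
reports = report_format(platform.node(), [report], is_json=True)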