tests: Fix check_root_account when used with tar liveimg test

passwd and openssh-clients need to be installed, and there is no need to
use sudo when you are connecting to the system as root.
This commit is contained in:
Brian C. Lane 2019-10-31 11:05:02 -07:00
parent d67745d755
commit 454af0c5d5
2 changed files with 19 additions and 4 deletions

View File

@ -121,20 +121,27 @@ check_root_account() {
return 1 return 1
fi fi
# If you are connected as root you do not need sudo
if [[ "$SSH_USER" == "root" ]]; then
SUDO=""
else
SUDO="sudo"
fi
if [ $ROOT_ACCOUNT_LOCKED == 0 ]; then if [ $ROOT_ACCOUNT_LOCKED == 0 ]; then
rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"sudo passwd --status root | grep -E '^root\s+NP?'\"" \ rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO passwd --status root | grep -E '^root\s+NP?'\"" \
0 "Password for root account in /etc/shadow is empty" 0 "Password for root account in /etc/shadow is empty"
else else
# ssh returns 255 in case of any ssh error, so it's better to grep the specific error message # ssh returns 255 in case of any ssh error, so it's better to grep the specific error message
rlRun -t -c "ssh $SSH_OPTS -o PubkeyAuthentication=no root@${SSH_MACHINE} 2>&1 | grep -i 'permission denied ('" \ rlRun -t -c "ssh $SSH_OPTS -o PubkeyAuthentication=no root@${SSH_MACHINE} 2>&1 | grep -i 'permission denied ('" \
0 "Can't ssh to '$SSH_MACHINE' as root using password-based auth" 0 "Can't ssh to '$SSH_MACHINE' as root using password-based auth"
rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"sudo passwd --status root | grep -E '^root\s+LK?'\"" \ rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO passwd --status root | grep -E '^root\s+LK?'\"" \
0 "root account is disabled in /etc/shadow" 0 "root account is disabled in /etc/shadow"
rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"sudo grep 'USER_LOGIN.*acct=\\\"root\\\".*terminal=ssh.*res=failed' /var/log/audit/audit.log\"" \ rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO grep 'USER_LOGIN.*acct=\\\"root\\\".*terminal=ssh.*res=failed' /var/log/audit/audit.log\"" \
0 "audit.log contains entry about unsuccessful root login" 0 "audit.log contains entry about unsuccessful root login"
# We modify the default sshd settings on live ISO, so we can only check the default empty password setting # We modify the default sshd settings on live ISO, so we can only check the default empty password setting
# outside of live ISO # outside of live ISO
rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} 'sudo grep -E \"^[[:blank:]]*PermitEmptyPasswords[[:blank:]]*yes\" /etc/ssh/sshd_config'" 1 \ rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} '$SUDO grep -E \"^[[:blank:]]*PermitEmptyPasswords[[:blank:]]*yes\" /etc/ssh/sshd_config'" 1 \
"Login with empty passwords is disabled in sshd config file" "Login with empty passwords is disabled in sshd config file"
fi fi
rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} 'cat /etc/redhat-release'" rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} 'cat /etc/redhat-release'"

View File

@ -43,6 +43,14 @@ version = "*"
name = "openssh-server" name = "openssh-server"
version = "*" version = "*"
[[packages]]
name = "openssh-clients"
version = "*"
[[packages]]
name = "passwd"
version = "*"
[[customizations.user]] [[customizations.user]]
name = "root" name = "root"
key = "$PUB_KEY" key = "$PUB_KEY"