From bb4b6b7059867db3bc14529ca4c4f5a3a06d9442 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Thu, 31 Oct 2019 14:14:29 -0700 Subject: [PATCH] tests: Use journalctl -g to check for failed login /var/log/audit/audit.log isn't always available (eg. tar liveimg install), but it is logged to the journal, which can be grepped with 'journalctl -g' so use that instead. Cherry-picked from 89539a7bf49f6bb452653f1cedc15e220ca49428 Related: rhbz#1769525 --- tests/cli/lib/lib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cli/lib/lib.sh b/tests/cli/lib/lib.sh index 17342831..80507661 100755 --- a/tests/cli/lib/lib.sh +++ b/tests/cli/lib/lib.sh @@ -137,7 +137,7 @@ check_root_account() { 0 "Can't ssh to '$SSH_MACHINE' as root using password-based auth" rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO passwd --status root | grep -E '^root\s+LK?'\"" \ 0 "root account is disabled in /etc/shadow" - rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO grep 'USER_LOGIN.*acct=\\\"root\\\".*terminal=ssh.*res=failed' /var/log/audit/audit.log\"" \ + rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO journalctl -g 'USER_LOGIN.*acct=\\\"root\\\".*terminal=ssh.*res=failed'\"" \ 0 "audit.log contains entry about unsuccessful root login" # We modify the default sshd settings on live ISO, so we can only check the default empty password setting # outside of live ISO