需要自备弱密码明文字典

from _utils.patrol2 import data_format,report_format,run_cmd

import platform

import crypt

with open(passwd[0],'r') as f:

content=f.readlines()

def use_md5(password,salt):

global content

for i in content:

cmd="openssl passwd -1 -salt '{}' '{}'".format(salt,i)

code,res=run_cmd(cmd)

if res.split('$')[-1].strip()==password:

return True

return False

def use_SHA512(id,password,salt):

global content

for i in content:

cry_password=crypt.crypt(i,'${}${}'.format(id,salt))

if cry_password==password:

return True

return False

content=[i.strip('\r\n').strip('\n') for i in content]

weak_passwd=[]

remove_users =remove_users.split(',')

low_length_users=[]

cmd="awk -F: 'length($2)<={} {{print $1}}' /etc/shadow".format(passwd_length)

code,res=run_cmd(cmd)

for i in res.split('\n'):

if i.strip() not in remove_users:

low_length_users.append(i.strip())

blowfish=[]

nocrypt=[]

cmd="awk -F: '{print $1,$2}' /etc/shadow"

code,res=run_cmd(cmd)

for i in res.split('\n'):

user_name=i.split()[0].strip()

if user_name in remove_users:

continue

passwd=i.split()[1].strip()

if passwd in ('!!','') and user_name not in low_length_users:

low_length_users.append(user_name)

elif passwd.startswith('$'):

_,id,salt,hashed=passwd.split('$')

if id=='1' and use_md5(hashed,salt):

weak_passwd.append(user_name)

elif id in ('6','5') and use_SHA512(id,hashed,salt):

weak_passwd.append(user_name)

elif id in ('2a','2y'):

blowfish.append(user_name)

elif id not in ('6','5','2a','2y','1'):

nocrypt.append(user_name)

result=[]

if low_length_users:

result.append('密码长度不足或空密码：{}'.format(','.join(low_length_users)))

if weak_passwd:

result.append('密码强度不足:{}'.format(','.join(weak_passwd)))

if blowfish:

result.append('使用了blowfish加密方式，建议使用sha512方式:{}'.format(','.join(blowfish)))

if nocrypt:

result.append('无法识别加密类型:{}'.format(','.join(nocrypt)))

if not result:

report=data_format('检查结果','正常',0)

else:

report = data_format('检查结果', '\n'.join(result), 1)

reports=report_format(platform.node(),[report],is_json=True)