Added pw hardening

src/rootcheck/db/system_audit_pw.txt

@@ -0,0 +1,40 @@
+# OSSEC Linux Audit - (C) 2018
+#
+# Released under the same license as OSSEC.
+# More details at the LICENSE file included with OSSEC or online
+# at: https://github.com/ossec/ossec-hids/blob/master/LICENSE
+#
+# [Application name] [any or all] [reference]
+# type:<entry name>;
+#
+# Type can be:
+#             - f (for file or directory)
+#             - p (process running)
+#             - d (any file inside the directory)
+#
+# Additional values:
+# For the registry , use "->" to look for a specific entry and another
+# "->" to look for the value.
+# For files, use "->" to look for a specific value in the file.
+#
+# Values can be preceeded by: =: (for equal) - default
+#                             r: (for ossec regexes)
+#                             >: (for strcmp greater)
+#                             <: (for strcmp  lower)
+# Multiple patterns can be specified by using " && " between them.
+# (All of them must match for it to return true).
+#
+# Checks for Password Security on Linux Systems
+#
+#
+#1 Passwords in /etc/shadow not hashed with SHA-256 or SHA-512
+[Password Hardening - 1: Not all Passwords in /etc/shadow are hashed with SHA-256 or SHA-512] [any] [https://linux-audit.com/password-security-with-linux-etc-shadow-file/, https://docs.oracle.com/cd/E19253-01/816-4557/concept-23/index.html]
+f:/etc/shadow -> !r:^# && !r:^\w+:NP:\d+:\d*:\d*:\d*:\d*:\d*:\d*$ && r:^\w+:\w\.*:\d+:\d*:\d*:\d*:\d*:\d*:\d*$;
+f:/etc/shadow -> !r:^# && r:\w+:$1$\.+;
+f:/etc/shadow -> !r:^# && r:\w+:$2a$\.+;
+f:/etc/shadow -> !r:^# && r:\w+:$2y$\.+;
+f:/etc/shadow -> !r:^# && r:\w+:$md5$\.+;
+f:/etc/shadow -> !r:^# && r:\w+:$__unix__$\.+;
+#
+#
+#