UGU Unix Guru Universe
For Unix Admins, By Unix Admins
Follow ugucom on Twitter      Search  in 
Home
BEGINNERS & USERS

Events

Internet
 
 Linux
BEGINNERS & USERS
Software
Linux Vendors
Usenet NewsGroups
Books & Publications
 
 Shop
Cool Admin Gifts!
Gadgets
T-Shirts
Books
 
 Unix Guru Universe
About
Add Link
Feedback
 
 
UGU: Unix Guru Universe - Unix Tip #4144- June 16, 2012 - Home : Help : Today's Tip
Unix Tip #4144- June 16, 2012

MONITORING ROOT IN THE PASSWORD FILE


One of the popularly known method of breaking into a Unix host
is by inserting a uid value 0 in the /etc/passwd file which could
be done in many ways including backdoors for later accesses .

The script below displays warning messages on the console if
such changes a detacted. Simply place the script in the crontab
and run as frequent as you wish.

------------------------------CUT HERE-----------------------------------------

for id in `awk 'FS=":" {if(($3 == 0 && $1 != "root" )) print $1}' /etc/passwd`
do
cat << the_end >/dev/console

+----------------------------------------------------------------
|
| `date "+Detacted On Date :%D Time :%r"`
| Break-in ALERT! Login ID `echo ${id}` has uid 0
|
+----------------------------------------------------------------

the_end
done
------------------------------CUT HERE-----------------------------------------



NOTE: All tips provided are USE AT YOUR OWN RISK. Tips are submitted by various unix admins around the globe. UGU suggest you read and test each tip in a non-volitile environment before placing into production.


LAST 5 TIPS
4143 - CREATE YOUR OWN GROUP ALIASES
4142 - KILL X
4141 - ALTERNATIVE TO CP
4140 - -------- REMOVE THE DASHES
4139 - SEPARATE SHELL COMMAND HISTORY FILES


I want to SUBSCRIBE and get a UGU Tip everyday.
I want to UNSUBSCRIBE and NOT get a UGU Tip everyday.

If you have a UNIX TIP let us know, we just may use it:
(All tips become the property of the Unix Guru Universe)
Email Address:

Yes, email me a Hot Unix Tip everday.

Enter Hot Unix Tip (optional):

Yes, I will support this tip

Captcha (not case sensitive):


Please enter the above letters:

 
Copyright 1994-2024 Unix Guru Universe