|
|
|
|
UGU: Unix Guru Universe - Unix Tip #4144- June 16, 2012
- Home : Help
: Today's Tip
Unix Tip #4144- June 16, 2012
MONITORING ROOT IN THE PASSWORD FILE
One of the popularly known method of breaking into a Unix host
is by inserting a uid value 0 in the /etc/passwd file which could
be done in many ways including backdoors for later accesses .
The script below displays warning messages on the console if
such changes a detacted. Simply place the script in the crontab
and run as frequent as you wish.
------------------------------CUT HERE-----------------------------------------
for id in `awk 'FS=":" {if(($3 == 0 && $1 != "root" )) print $1}' /etc/passwd`
do
cat << the_end >/dev/console
+----------------------------------------------------------------
|
| `date "+Detacted On Date :%D Time :%r"`
| Break-in ALERT! Login ID `echo ${id}` has uid 0
|
+----------------------------------------------------------------
the_end
done
------------------------------CUT HERE-----------------------------------------
NOTE: All tips provided are USE AT YOUR OWN RISK. Tips are submitted
by various unix admins around the globe. UGU suggest you read and
test each tip in a non-volitile environment before placing into
production.
LAST 5 TIPS
4143
- CREATE YOUR OWN GROUP ALIASES
4142
- KILL X
4141
- ALTERNATIVE TO CP
4140
- -------- REMOVE THE DASHES
4139
- SEPARATE SHELL COMMAND HISTORY FILES
I want to
SUBSCRIBE
and get a UGU Tip everyday.
I want to
UNSUBSCRIBE
and NOT get a UGU Tip everyday.
If you have a UNIX TIP let us know, we just may use it:
(All tips become the property of the Unix Guru Universe)
|
|
|
Copyright 1994-2024 Unix Guru Universe |
|
|
|
|