Password file issues
By Aeleen Frisch
Passwords are, of course, an important part of security, but aside from
imposing password creation restrictions, administrators can overlook
password maintenance. This tip from Aeleen Frisch's book Essential
System Administration, published by O'Reilly Associates, gives some
advice for maintaining the integrity of password files.
It is important to examine the password file regularly for potential
account-level security problems, (as well as the shadow password file
when applicable). In particular, it should be examined for:
* Accounts without passwords.
* UIDs of 0 for accounts other than root (which are also superuser
accounts).
* GIDs of 0 for accounts other than root. Generally, users don't have
group 0 as their primary group.
* Accounts added or deleted without your knowledge.
* Other types of invalid or improperly formatted entries.
* The file's own ownership and permissions.
Under System V, SunOS and Linux (via shadow package), the pwck command
will perform some simple syntax checking on the password file and can
identify some security problems with it (AIX provides the very similar
pwdck command to check its several user account database files). pwck
will report on invalid usernames (including null ones), UIDs and GIDs,
null or nonexistent home directories, invalid shells and entries with
the wrong number of fields (often indicating extra or missing colons
and other typos). However, it won't find a lot of other, more serious
security problems. You'll need to check for those periodically in some
other manner. (The grpck command performs similar simple syntax
checking for the /ect/group file.)
Related book
Essential System Administration, Second Edition
Author : Aeleen Frisch
Publisher : O'Reilly & Associates
ISBN/CODE : 1565921275
Cover Type : Soft Cover
Pages : 788
Published : Sept. 1995
Summary:
Essential System Administration takes an in-depth look at the fundamentals of UNIX system administration in a real-world, heterogeneous environment. The book approaches UNIX system administration from the perspective of your job -- the routine tasks and troubleshooting that make up your day. Whether you're dealing with frustrated users, convincing an uncomprehending management that you need new hardware, rebuilding the kernel, or simply adding new users, you'll find help in this book. You'll also learn about back up and restore and how to set up printers, secure your system and perform many other system administration tasks. But the book is not for full-time system administrators alone. Linux users and others who administer their own systems will benefit from its practical, hands-on approach.
