By Aeleen Frisch
Passwords are, of course, an important part of security, but aside from imposing password creation restrictions, administrators can overlook password maintenance. This tip from Aeleen Frisch's book Essential System Administration, published by O'Reilly Associates, gives some advice for maintaining the integrity of password files.
It is important to examine the password file regularly for potential account-level security problems, (as well as the shadow password file when applicable). In particular, it should be examined for:
* Accounts without passwords.
* UIDs of 0 for accounts other than root (which are also superuser accounts).
* GIDs of 0 for accounts other than root. Generally, users don't have group 0 as their primary group.
* Accounts added or deleted without your knowledge.
* Other types of invalid or improperly formatted entries.
* The file's own ownership and permissions.
Under System V, SunOS and Linux (via shadow package), the pwck command will perform some simple syntax checking on the password file and can identify some security problems with it (AIX provides the very similar pwdck command to check its several user account database files). pwck will report on invalid usernames (including null ones), UIDs and GIDs, null or nonexistent home directories, invalid shells and entries with the wrong number of fields (often indicating extra or missing colons and other typos). However, it won't find a lot of other, more serious security problems. You'll need to check for those periodically in some other manner. (The grpck command performs similar simple syntax checking for the /ect/group file.)
Related book Essential System Administration, Second Edition
Author : Aeleen Frisch
Publisher : O'Reilly & Associates
ISBN/CODE : 1565921275
Cover Type : Soft Cover
Pages : 788
Published : Sept. 1995
Essential System Administration takes an in-depth look at the fundamentals of UNIX system administration in a real-world, heterogeneous environment. The book approaches UNIX system administration from the perspective of your job -- the routine tasks and troubleshooting that make up your day. Whether you're dealing with frustrated users, convincing an uncomprehending management that you need new hardware, rebuilding the kernel, or simply adding new users, you'll find help in this book. You'll also learn about back up and restore and how to set up printers, secure your system and perform many other system administration tasks. But the book is not for full-time system administrators alone. Linux users and others who administer their own systems will benefit from its practical, hands-on approach.
Dig Deeper on Password Management and Policy