PIKT

Samples: Passwd File Problems

PIKT Logo
Home FAQ News Intro Samples Tutorial Reference Software Authors Licensing SiteSearch


In this example, we report passwd file problems.

The PasswdFileProblemsUrgent script might send an alert message like the following:

-------------------------------------------------------------------------------

                                PIKT ALERT
                         Mon Jan 28 20:49:19 2002
                                  rouen

URGENT:
    PasswdFileProblemsUrgent
        Report passwd file problems

        User alsuen has NO PASSWORD!

-------------------------------------------------------------------------------
The script follows.

///////////////////////////////////////////////////////////////////////////////
//
// accounts_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////

[other alarms omitted...]

///////////////////////////////////////////////////////////////////////////////

PasswdFileProblemsUrgent

        init
                status active
                level urgent
                task "Report passwd file problems"
                input proc "=sort -t: +2n =passwd"
                seps ":"
                =passwddata

        begin   // assume no crisis (yet)
                set #crisis = #false()

        rule    // non-root uid 0s
                if    $uid eq "0"
                   && $uname ne "root"
                        output mail "User $uname has UID OF 0!"
                        output syslog "User $uname has UID OF 0!"
                        set #crisis = #true()
                endif

        rule    // no password
                if $password eq ""
                        output mail "User $uname has NO PASSWORD!"
                        output syslog "User $uname has NO PASSWORD!"
                        if $uname eq "root"
                                set #crisis = #true()
                        endif
                endif

        end     // drastic change in /etc/passwd file size
                // by setting the =deviated() percentage to 0%, could also
                // report *any* change in /etc/passwd file size
                set #lines = #innum()
                if =deviated(lines, 20%)
                        output mail "the size of /etc/passwd has changed
                                     by >= 20%, was $text(%lines) lines,
                                     is now $text(#lines)"
                        set #crisis = #true()
                endif
#ifdef page
                if #crisis
#  if misscritsys
                        =page($hostname() urgent passwd problem (see alert email),
                              =pagesysadmins, =allhours(#now()))
#  else
                        =page($hostname() urgent passwd problem (see alert email),
                              =pagesysadmins, ! =offhours(#now()))
#  endif  // misscritsys
                endif
#endifdef  // page

///////////////////////////////////////////////////////////////////////////////

[other alarms omitted...]

///////////////////////////////////////////////////////////////////////////////
This is just one program example.  You could add rules, or write new scripts, for example to report:  frozen (starred out) accounts, accounts with missing uid or gid, duplicate uids, non-existent gids, empty gecos fields, non-existent home directories or shells, password changes for certain key accounts, illegal user names, malformed lines, etc.

[For more examples, see Samples.]


Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software | Authors | Licensing | SiteSearch
Links | SiteIndex | Pikt-Users | Pikt-Workers | Contribute | ContactUs | Top of Page
Page best viewed at 1024x768.   Page last updated 2005-06-22.
This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.
Copyright © 1998-2005 Robert Osterlund.  All rights reserved.

Computer Books at Amazon.com

Essential CVS
Essential CVS

Sams Teach Yourself SuSE Linux in 24 Hours Starter Kit
Sams Teach Yourself SuSE Linux in 24 Hours Starter Kit

Network Security Tools
Network Security Tools

Computer Security Basics
Computer Security Basics

Crackproof Your Software
Crackproof Your Software