In this example, we report if users are in /etc/passwd but not in /etc/shadow, or vice-versa.
The PasswdShadowCrosscheckWarning script might send an alert message like the following:
-------------------------------------------------------------------------------
PIKT ALERT
Sun May 18 02:12:43 2003
athens4
WARNING:
PasswdShadowCrosscheckWarning
Report users in /etc/passwd but not in /etc/shadow and vice-versa
grieg in /etc/shadow, not in /etc/passwd
-------------------------------------------------------------------------------
The script follows.
///////////////////////////////////////////////////////////////////////////////
//
// accounts_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////
[other alarms omitted...]
///////////////////////////////////////////////////////////////////////////////
PasswdShadowCrosscheckWarning
init
status active
level warning
task "Report users in /etc/passwd but not in /etc/shadow
and vice-versa"
// generate an input list of account names appearing only in
// one of the two files (/etc/passwd, /etc/shadow) but not both,
input proc "=nawk -F: '{print $1}' =passwd =shadow |
=sort | =uniq -u"
begin
// record all accounts in passwd file in #passwd[] array
if #fopen(PASSWD, "=passwd", "r") != #err()
while #read(PASSWD) > 0
do #split($p, $rdlin, ":")
=incr(#passwd[$p[1]])
endwhile
do #fclose(PASSWD)
else
output mail "can't open =passwd for reading!"
quit
endif
rule
if ! #defined(#passwd[$inlin])
output mail "$inlin in =shadow, not in =passwd"
else
output mail "$inlin in =passwd, not in =shadow"
endif
///////////////////////////////////////////////////////////////////////////////
[other alarms omitted...]
///////////////////////////////////////////////////////////////////////////////
This is just one program example. You could add rules, or write new scripts, for example to crosscheck entries between: /etc/passwd and /etc/group, /etc/passwd and the NIS passwd file (if any), /etc/passwd and /etc/aliases, etc.
[For more examples, see Samples.]
Home |
FAQ |
News |
Intro |
Samples |
Tutorial |
Reference |
Software |
Authors |
Licensing |
SiteSearch
Links |
SiteIndex |
Pikt-Users |
Pikt-Workers |
Contribute |
ContactUs |
Top of Page
Page best viewed at 1024x768.
Page last updated 2005-06-22.
This site is
PIKT®
powered.
PIKT® is a registered trademark of the University of Chicago.
Copyright © 1998-2005 Robert Osterlund. All rights reserved.
|