PIKT

Samples: Passwd & Shadow Crosscheck

PIKT Logo
Home FAQ News Intro Samples Tutorial Reference Software Authors Licensing SiteSearch


In this example, we report if users are in /etc/passwd but not in /etc/shadow, or vice-versa.

The PasswdShadowCrosscheckWarning script might send an alert message like the following:

-------------------------------------------------------------------------------

                                PIKT ALERT
                         Sun May 18 02:12:43 2003
                                 athens4

WARNING:
    PasswdShadowCrosscheckWarning
        Report users in /etc/passwd but not in /etc/shadow and vice-versa

        grieg in /etc/shadow, not in /etc/passwd

-------------------------------------------------------------------------------
The script follows.

///////////////////////////////////////////////////////////////////////////////
//
// accounts_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////

[other alarms omitted...]

///////////////////////////////////////////////////////////////////////////////

PasswdShadowCrosscheckWarning

        init
                status active
                level warning
                task "Report users in /etc/passwd but not in /etc/shadow
                      and vice-versa"
                // generate an input list of account names appearing only in
                // one of the two files (/etc/passwd, /etc/shadow) but not both,
                input proc "=nawk -F: '{print $1}' =passwd =shadow |
                            =sort | =uniq -u"

        begin
                // record all accounts in passwd file in #passwd[] array
                if #fopen(PASSWD, "=passwd", "r") != #err()
                        while #read(PASSWD) > 0
                                do #split($p, $rdlin, ":")
                                =incr(#passwd[$p[1]])
                        endwhile
                        do #fclose(PASSWD)
                else
                        output mail "can't open =passwd for reading!"
                        quit
                endif

        rule
                if ! #defined(#passwd[$inlin])
                        output mail "$inlin in =shadow, not in =passwd"
                else
                        output mail "$inlin in =passwd, not in =shadow"
                endif

///////////////////////////////////////////////////////////////////////////////

[other alarms omitted...]

///////////////////////////////////////////////////////////////////////////////
This is just one program example.  You could add rules, or write new scripts, for example to crosscheck entries between:  /etc/passwd and /etc/group, /etc/passwd and the NIS passwd file (if any), /etc/passwd and /etc/aliases, etc.

[For more examples, see Samples.]

Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software | Authors | Licensing | SiteSearch
Links | SiteIndex | Pikt-Users | Pikt-Workers | Contribute | ContactUs | Top of Page
Page best viewed at 1024x768.   Page last updated 2005-06-22.
This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.
Copyright © 1998-2005 Robert Osterlund.  All rights reserved.

Computer Books at Amazon.com

Learning XML
Learning XML

Red Hat Linux Firewalls
Red Hat Linux Firewalls

HTML & XHTML: The Complete Reference
HTML & XHTML: The Complete Reference

Linux iptables Pocket Reference
Linux iptables Pocket Reference

Practical Unix & Internet Security
Practical Unix & Internet Security