[Gllug] Audit Season...
Simon Morris
mozrat at gmail.com
Tue Jun 23 18:24:18 UTC 2009
Just for the groups amusement.
I've been asked to run the following commands on our Linux/Unix systems
by an internal auditor.
My questions are.. (1) What century does the auditor think it is and (2)
does this request demonstrate any proficiency in auditing these types of
systems.
</grumble>
---
FOR UNIX SYSTEMS
-----------------
1) To view user/password file which shall have encrypted passwords:
more /etc/passwd
2) To check for users with no password:
awk -F: 'length($2)<1 {print $1}'
< /etc/passwd
3) To sort password file by UID (all UID=0 are admin users - file reads
like -> name:password:UID ):
sort +2n -t: /etc/passwd
4) To list services runnning:
more /etc/inetd.conf
(ones with # are not running)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list