[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?



Steve Grubb <sgrubb redhat com> writes:

> 5) We must audit changes to trusted databases
>
> To accomplish this, we instrument the shadow-utils code. This lets
> us see who modified any account and which account and how it was
> modified. You can find these in your audit logs ny looking for
>
> ausearch --start this-month -m ADD_USER

# vipw
i
foo:x:1111:1111:x:/bin/foo:/bin/sh

# ausearch --start this-month -m ADD_USER
#

or

$ ldapadd
dn: uid=foo,...

# ausearch --start this-month -m ADD_USER
#


Both 'vipw' and 'ldapadd' are official and documented tools to manage
user database.


> The utilities that would allow you to modify it cannot be accessed
> unless you are root.

Sounds like "when the algorithm is hidden, the crypto mechanism is
secure"...




Enrico


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]