[Open-scap] Need help understanding RHEL STIG findings

Klaas van der Lugt klaas at klaas.nl
Thu Jan 31 18:30:52 UTC 2013


Hello;

About finding root-entries in /etc/passwd;

catch the toor.
>
> I suggest
>        grep ':0:[0-9]*:' test-pass  | grep -v '^root:'
>

The 'grep' implementation of the check is wrong/too simple.
Of course, one could argue that
    awk -F: '$3==0 { print $0 }' /etc/passwd
is much better BUT:
- lines can be commented out (bad idea but people do it)
- /etc/passwd could be additional to LDAP sources etc etc. I have seen
systems where 5% is in /etc/passwd and the rest in OpenLDAP or even
ActiveDirectory!!!

In any case, it is a bad thing to try to parse the /etc files 'manually'. You
need an operating-system dependent non-do-it-yourself way of getting the
list of configured users, *then* scan for user0. I'd say; "man getpwuid" --
no make that getpwent.

Regards,
Klaas
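
The getpwent approach suggested in the message above, as an added example (not code from the original post or from OpenSCAP). On glibc systems getpwent() goes through NSS, so it returns entries from every configured source and never sees commented-out lines. The helper names and the sample entries are constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* expose getpwent() under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>

/* Any source of passwd entries: returns the next one, or NULL at the end.
 * getpwent() itself has exactly this signature. */
typedef struct passwd *(*pw_next_fn)(void);

/* Walk all entries from `next` and report every UID 0 account that is not
 * named "root". Returns how many were found; `out` may be NULL. */
int extra_uid0_accounts(pw_next_fn next, FILE *out)
{
    int found = 0;
    struct passwd *pw;

    while ((pw = next()) != NULL) {
        if (pw->pw_uid == 0 && strcmp(pw->pw_name, "root") != 0) {
            if (out)
                fprintf(out, "UID 0 account other than root: %s\n", pw->pw_name);
            found++;
        }
    }
    return found;
}

/* Constructed sample entries, used only to exercise the check offline. */
struct passwd sample[] = {
    { .pw_name = "root",  .pw_uid = 0 },
    { .pw_name = "toor",  .pw_uid = 0 },
    { .pw_name = "klaas", .pw_uid = 1000 },
};
size_t sample_pos;

struct passwd *sample_next(void)
{
    size_t n = sizeof sample / sizeof sample[0];
    return sample_pos < n ? &sample[sample_pos++] : NULL;
}

int main(void)
{
    setpwent();                       /* rewind the system user database */
    int n = extra_uid0_accounts(getpwent, stdout);
    endpwent();
    return n ? 1 : 0;                 /* non-zero exit marks a finding */
}
```

Some directory back ends do not hand every user to getpwent() (SSSD, for example, disables enumeration by default), so a clean result covers only the entries the configured sources enumerate.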