=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
UNIX GURU UNIVERSE
UNIX HOT TIP
Unix Tip 3556 - November 4, 2013
http://www.ugu.com/sui/ugu/show?tip.today
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
MONITORING ROOT IN THE PASSWORD FILE
One of the popularly known method of breaking into a Unix host
is by inserting a uid value 0 in the /etc/passwd file which could
be done in many ways including backdoors for later accesses .
The script below displays warning messages on the console if
such changes a detacted. Simply place the script in the crontab
and run as frequent as you wish.
------------------------------CUT HERE-----------------------------------------
for id in `awk 'FS=":" {if(($3 == 0 && $1 != "root" )) print $1}' /etc/passwd`
do
cat << the_end >/dev/console
+----------------------------------------------------------------
|
| `date "+Detacted On Date :%D Time :%r"`
| Break-in ALERT! Login ID `echo ${id}` has uid 0
|
+----------------------------------------------------------------
the_end
done
------------------------------CUT HERE-----------------------------------------
--------------------------------------------------------------------------
To Subscribe: http://www.ugu.com/sui/ugu/show?tip.subscribe
To Unsubscribe: http://www.ugu.com/sui/ugu/show?tip.unsubscribe
To Submit A Tip: http://www.ugu.com/sui/ugu/show?tip.today
==========================================================================
DISCLAIMER: All UNIX HOT TIPS ARE OWNED BY THE UNIX GURU UNIVERSE AND ARE
NOT TO BE SOLD, PRINTED OR USED WITHOUT THE WRITTEN CONSENT OF THE UNIX
GURU UNIVERSE. ALL TIPS ARE "USE AT YOUR OWN RISK". UGU ADVISES THAT
ALL TIPS BE TESTED IN A NON-PRODUCTION DEVELOPMENT ENVIRONMENT FIRST.
Unix Guru Universe - www.ugu.com - tips@ugu.com - Copyright 1994-2001
==========================================================================
skip to main |
skip to sidebar
Unix and Linux Tips taken from http://ugu.com
Search
Postingan
Pengikut
Arsip Blog
-
▼
2013
(365)
-
▼
November
(30)
- Unix Tip: GREP TEXT NOT BINARY
- Unix Tip: GET THE HIDDEN FILES
- Unix Tip: FINDING A STRING
- Unix Tip: RANDOM LINES FROM A FILE
- Unix Tip: EXTRACT THAT LAST FIELD
- Unix Tip: FULL OF FILESYSTEM INODES
- Unix Tip: FORGET THE CRONTAB MAN
- Unix Tip: POWER OF BACKQUOTES
- Unix Tip: PING THE HOST TABLE
- Unix Tip: A SHAMELESS PLUG
- Unix Tip: REPETITIVE TASKS WITH XARGS
- Unix Tip: Suppose we want to check whether the web...
- Unix Tip: CTRL-D ANOTHER USE
- Unix Tip: HIDE THOSE FILES
- Unix Tip: TCSH AND RMSTAR
- Unix Tip: PERFORMANCE OF CROND TASKS
- Unix Tip: SHELL SCRIPTING A SQLPLUS SCRIPT
- Unix Tip: I SEE YOU WITH FUSER
- Unix Tip: GLOBAL SYSTEM PATH SETTINGS
- Unix Tip: KILLING ALL USER PROCESSES
- Unix Tip: NFS HANG FIX ON HP-UX
- Unix Tip: REGEXP MATCHING IN AWK
- Unix Tip: Public Relations
- Unix Tip: CLEANUP AT LOGOUT
- Unix Tip: SPEED UP INTERACTION TIME
- Unix Tip: AWK QUICK COLUMNS
- Unix Tip: MONITORING ROOT IN THE PASSWORD FILE
- Unix Tip: CREATE YOUR OWN GROUP ALIASES
- Unix Tip: KILL X
- Unix Tip: ALTERNATIVE TO CP
-
▼
November
(30)
Tidak ada komentar:
Posting Komentar