OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: daily security run- passwordless acc

daily security run- passwordless accounts

Crist J. Clark (cjccc942873-a.ewndsr1.nj.home.com)
Sun, 29 Aug 1999 13:00:22 -0400 (EDT)

Since someone brought up small, but somewhat annoying, messages that
repeatedly pop up in the default daily security run, I thought I'd add
my own little pet peeve and see if anyone else felt the same way.

As it is setup now, the default /etc/security script (for 3.x, not
2.2.x) checks for "passwordless" accounts by a simple awk command. The
problem I have is that this setup will flag my NIS entries every time,

+:::::::::

Now this _does_ have an empty password in the local master.passwd
file, but that does not mean that the NIS accounts are "passwordless."
NIS users still need passwords.

Made a little modification to /etc/security so that NIS entries are
passed over. Here is the patch,

% diff -u /etc/security.orig /etc/security
--- /etc/security.orig Mon Feb 15 05:45:33 1999
+++ /etc/security Sun Aug 29 12:50:46 1999
-54,7 +54,7
 
 separator
 echo "checking for passwordless accounts:"
-awk -F: '$2=="" {print $0}' /etc/master.passwd
+awk -F: '/^[^\+-]/ && $2=="" {print $0}' /etc/master.passwd
 
 # show denied packets
 if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then

Anyone have strong opinions whether something like that should be made
the default or not? 

-- 
Crist J. Clark                           cjclarkhome.com

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2.0b3 on Sun Aug 29 1999 - 11:58:37 CDT