I ran a security Audit on my RH 7 server and it found problems with my /etc/passwd file.

It says the accounts are disabled but still have valid shells. If it was one or 2 I would just fix it but it says that for ALL the accounts listed. I do shadow the paswords to /etc/shadow and from viewing that file it looks normal. All normal users have no problem logging in... Here is an example entry... this is the root entry and I can log in as root and do stuff normally expected of the root account.

# Performing Check of user account .....
#Checking Accounts from /etc/passwd
--WARN-- [acc001w] Login ID root is disabled, but still has a valid shell

Here is the root entry in /etc/passwd:

root:x:0:0:root:/root:/bin/bash

It also checked the passwd files and the group files and reported no problems....

I ran pwck and it reported no problems with the shadow or the passwd....

Any suggestions as to why Tiger is reporting this?

Is there an option within Tiger to tell it to look for /etc/shadow as the password file, rather than /etc/passwd? It's possible that because you use (as most linux distros do nowadays) /etc/shadow that Tiger thinks the accounts are disabled (due to the user:x:100 etc) style of the /etc/passwd file. It knows that a single character isn't a valid password hash, so it thinks the account has been disabled. See if there's options to enable checking of /etc/shadow, or see if there's mention of it anywhere in the documentation. If not, try contacting their support or whomever developed it, and see if they can give you a straight answer.

Most likely, it's the /etc/shadow thing throwing the auditing software off. :)

When tiger says that an account is disabled, it normally means that the password is in a shadow file. Since the /etc/passwd file is readable by all, that is a good thing. The reason it says that it still has a valid shell is because there is still the /bin/bash part of the file. Certain accounts should be completely disabled, and NOT have a valid shell. I believe that tiger is just giving you a warning about your current state. It isn't saying that you have to fix something, it is just saying to make sure you look into it.

Then again, I haven't used tiger in a long time, so I could be mistaken.

Thanks guys... I couldn't find any documentation on it. I was thinking along the lines of what chsh said but I wanted to be sure. I guess I assumed that the makers of Tiger would have assumed that there was a shadow file for passwords. I did check the password checking script and it apparently it tries to merge the files for a Crack run then saves that file. I don't use or need crack for what I need on this server becasue I know all the passwords.