Results 1 to 4 of 4
  1. #1
    Join Date
    Oct 2001

    Tiger 2.2.4p1 Security Audit

    I ran a security Audit on my RH 7 server and it found problems with my /etc/passwd file.

    It says the accounts are disabled but still have valid shells. If it was one or 2 I would just fix it but it says that for ALL the accounts listed. I do shadow the paswords to /etc/shadow and from viewing that file it looks normal. All normal users have no problem logging in... Here is an example entry... this is the root entry and I can log in as root and do stuff normally expected of the root account.

    # Performing Check of user account .....
    #Checking Accounts from /etc/passwd
    --WARN-- [acc001w] Login ID root is disabled, but still has a valid shell

    Here is the root entry in /etc/passwd:


    It also checked the passwd files and the group files and reported no problems....

    I ran pwck and it reported no problems with the shadow or the passwd....

    Any suggestions as to why Tiger is reporting this?

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Is there an option within Tiger to tell it to look for /etc/shadow as the password file, rather than /etc/passwd? It's possible that because you use (as most linux distros do nowadays) /etc/shadow that Tiger thinks the accounts are disabled (due to the user:x:100 etc) style of the /etc/passwd file. It knows that a single character isn't a valid password hash, so it thinks the account has been disabled. See if there's options to enable checking of /etc/shadow, or see if there's mention of it anywhere in the documentation. If not, try contacting their support or whomever developed it, and see if they can give you a straight answer.

    Most likely, it's the /etc/shadow thing throwing the auditing software off.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    When tiger says that an account is disabled, it normally means that the password is in a shadow file. Since the /etc/passwd file is readable by all, that is a good thing. The reason it says that it still has a valid shell is because there is still the /bin/bash part of the file. Certain accounts should be completely disabled, and NOT have a valid shell. I believe that tiger is just giving you a warning about your current state. It isn't saying that you have to fix something, it is just saying to make sure you look into it.

    Then again, I haven't used tiger in a long time, so I could be mistaken.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    Join Date
    Oct 2001
    Thanks guys... I couldn't find any documentation on it. I was thinking along the lines of what chsh said but I wanted to be sure. I guess I assumed that the makers of Tiger would have assumed that there was a shadow file for passwords. I did check the password checking script and it apparently it tries to merge the files for a Crack run then saves that file. I don't use or need crack for what I need on this server becasue I know all the passwords.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts