April 2nd, 2002, 05:19 PM
Tiger 2.2.4p1 Security Audit
I ran a security Audit on my RH 7 server and it found problems with my /etc/passwd file.
It says the accounts are disabled but still have valid shells. If it was one or 2 I would just fix it but it says that for ALL the accounts listed. I do shadow the paswords to /etc/shadow and from viewing that file it looks normal. All normal users have no problem logging in... Here is an example entry... this is the root entry and I can log in as root and do stuff normally expected of the root account.
# Performing Check of user account .....
#Checking Accounts from /etc/passwd
--WARN-- [acc001w] Login ID root is disabled, but still has a valid shell
Here is the root entry in /etc/passwd:
It also checked the passwd files and the group files and reported no problems....
I ran pwck and it reported no problems with the shadow or the passwd....
Any suggestions as to why Tiger is reporting this?
April 2nd, 2002, 06:00 PM
Is there an option within Tiger to tell it to look for /etc/shadow as the password file, rather than /etc/passwd? It's possible that because you use (as most linux distros do nowadays) /etc/shadow that Tiger thinks the accounts are disabled (due to the user:x:100 etc) style of the /etc/passwd file. It knows that a single character isn't a valid password hash, so it thinks the account has been disabled. See if there's options to enable checking of /etc/shadow, or see if there's mention of it anywhere in the documentation. If not, try contacting their support or whomever developed it, and see if they can give you a straight answer.
Most likely, it's the /etc/shadow thing throwing the auditing software off.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
April 2nd, 2002, 06:59 PM
When tiger says that an account is disabled, it normally means that the password is in a shadow file. Since the /etc/passwd file is readable by all, that is a good thing. The reason it says that it still has a valid shell is because there is still the /bin/bash part of the file. Certain accounts should be completely disabled, and NOT have a valid shell. I believe that tiger is just giving you a warning about your current state. It isn't saying that you have to fix something, it is just saying to make sure you look into it.
Then again, I haven't used tiger in a long time, so I could be mistaken.
\"Ignorance is bliss....
but only for your enemy\"
April 2nd, 2002, 07:09 PM
Thanks guys... I couldn't find any documentation on it. I was thinking along the lines of what chsh said but I wanted to be sure. I guess I assumed that the makers of Tiger would have assumed that there was a shadow file for passwords. I did check the password checking script and it apparently it tries to merge the files for a Crack run then saves that file. I don't use or need crack for what I need on this server becasue I know all the passwords.