- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: Piece of code to find null passwords from /etc...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2007 09:14 PM
тАО03-13-2007 09:14 PM
Piece of code to find null passwords from /etc/shadow
I am looking for piece code which helps me to find the list of users with null password [exluding accounts that are locked] on my unix machine with /etc/shadow file. It can be either in C or perl script.....
I got a piece of perl script from perl-doc which works for root user.
$pwd = (getpwuid($<))[1];
$word="";# this is null as checking for null password.
$password=crypt($word, $pwd);
But I don't know how to make use of getpwuid() to find other existing users .
Can anyone please help me to validate null passwords.
Note:
I dont want to block null-passwords, all I want is to find a list of users with weak passwords, mainly null password.
With Advance Thanks,
Prabu.S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2007 09:26 PM
тАО03-13-2007 09:26 PM
Re: Piece of code to find null passwords from /etc/shadow
would this not be a security risk to have/run this script ?
I would change the secrity policy, which would lock the account.
You could then use
/usr/lbin/getprpw -m lockout
Which should give to lockout reason:
0 acount enabled
1 in position
1 - password lifetime expired
2 - inactive account
3 - account time disabled
4 - too many login attempts
5 - password required and a null password
6 - admin locked it
7 - * password
- Tags:
- getprpw
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2007 09:39 PM
тАО03-13-2007 09:39 PM
Re: Piece of code to find null passwords from /etc/shadow
As part of security measure, I need to do this, not a security issue at all. Once I get the list of users, later I will progress either to lock the user or to raise alarms.... So all I need is to find list of null password...
Hope now you understood my requirement....
Also I need to do this on sun10 OS, I cannot find getprpw utility on solaris box...
Prabu.S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2007 09:48 PM
тАО03-13-2007 09:48 PM
Re: Piece of code to find null passwords from /etc/shadow
sorry didn't realise it was Solaris.
Have you looked at:
http://perldoc.perl.org/functions/getpwuid.html
and
http://www.die.net/doc/linux/man/man3/getpwuid.3.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2007 09:59 PM
тАО03-13-2007 09:59 PM
Re: Piece of code to find null passwords from /etc/shadow
a "perldoc -f getpwuid" will show you what the getpw* implementations of the namesake C syscalls return in either scalar or list context.
To cycle through all of your box'es accounts one probably would use a getpwent in a while loop.
e.g.
to simply print out accounts that assigned themselves an empty password, you could loop like this
while (my @rec = getpwent) {
print "$rec[0]\n" if (crypt("", substr($rec[1],0,2)) eq $rec[1]);
}
Better yet, you implement a password regime where no one is allowed to get away with empty passwords ;-)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2007 11:37 PM
тАО03-13-2007 11:37 PM
Re: Piece of code to find null passwords from /etc/shadow
logins -p
Another very useful feature:
logins -d
shows users that have the same UID -- very useful to expose a hacker that created another root login.
- Tags:
- logins
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2007 12:09 AM
тАО03-14-2007 12:09 AM
Re: Piece of code to find null passwords from /etc/shadow
My problem is that when a user tries to set empty password, he types return key alos, so "\n" is considered as password, which is later crypted and stored in /etc/shadow, practically there is a password set, that is "\n", which I should be able to get, logins will not help me to solve this problem.
Hope you understand my problem,
Thanks,
Prabu.S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2007 12:43 AM
тАО03-14-2007 12:43 AM
Re: Piece of code to find null passwords from /etc/shadow
#passwd -s username
If you see an NP in the output that means that there is no password.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-26-2007 12:33 AM
тАО03-26-2007 12:33 AM