topic Re: Root user list in Secure OS Software for Linux

Root user list

Venkatesh_16 — Wed, 08 Apr 2009 03:51:34 GMT

Hi there,

Is there is a command-line or script available which can generate a report of all accounts with root user equivalent privileges in Linux(SUSE and Redhat) setup, with added information on which machine the id resides., etc?

Thanks,
Venkatesh

Re: Root user list

Hemmetter — Wed, 08 Apr 2009 05:43:53 GMT

Hi

accounts that privileges equal root have uid 0. So you can find them like

# awk -F: '{ if ( $3==0 ) print $1 " " $5 }' /etc/passwd

this will print accountname "$1" and comment field "$5" of password file foreach uid-zero account.

Put it into a file e.g. "uid0.awk" and execute it on all your systems.

for H in $HOSTLIST; do
scp uid0.awk ${H}:/tmp/
echo "Host: $H"
ssh -x $H "sh /tmp/uid0.awk"
done

This may be a starting point for your.

rgds
HGH

Re: Root user list

Frank de Vries — Wed, 08 Apr 2009 09:10:05 GMT

Another appoach is to use uname -n
to get the machine name in your script

uname -n
grep :0: passwd | awk -F ":" '{ print $1 '}

I assume you know how to cook the script,
otherwise let us know - we help

Re: Root user list

Ivan Ferreira — Wed, 08 Apr 2009 12:30:04 GMT

>>> all accounts with root user equivalent privileges

This should include a report of SUDO users, and a list of users who knows the root password and can su to root (or member of the wheel group if su has been restricted.