Free script Again

Paula J Frazer-Campbell · ‎08-16-2002

Hi

Got more than one root level user or other system dependant upon the root password.

A little script to monitor root password for a change :-

All donations to 07/11 fund.

#!/bin/ksh
##################################################
# Monitor of changes to root login
# PJFC 2001
##################################################
# Check carried out against $a as defined below
# 'a' Should be whole of current root entry in /etc/passwd
# Copy and paste it on the line below.
a=root:bbtu9S2dwAMWM:0:3:AVRO:/:/sbin/sh
##################################################
# Get current root entry line from passwd
# Use grep ???v to exclude other users like rootaw
b=`cat /etc/passwd | grep -v gdr | grep -v rootaw | grep root | awk '{print $1}'`
##################################################
# Check for new file by comparing dates
if [[ $a != $b ]]
then
##################################################
# If root entry has changed then warn
# Mail to desktop
mailx -s "WARNING - WARNING N0 Root login has changed " paula@avro.co.uk # Mail to phone
mailx -s "WARNING - WARNING N0 Root login has changed " 07956610410@one2one.net fi

Paula

If you can spell SysAdmin then you is one - anon

Paula J Frazer-Campbell · ‎08-16-2002

The bit:-

WARNING - WARNING N0 Root login has changed

N0 (N Zero is a server name)

paula

If you can spell SysAdmin then you is one - anon

BFA6 · ‎08-16-2002

Looks good, need to start monitoring this here.

Thanks,

Hilary

Justo Exposito · ‎08-16-2002

Hi Paula,

Good work!

Only one improvement, try with this in order to solve the problem with users like rootaw:
# Get current root entry line from passwd
# Use grep ???v to exclude other users like rootaw
b=`cat /etc/passwd | grep "^root:" | awk '{print $1}'`

Regards,

Justo.

Help is a Beatiful word

Justo Exposito · ‎08-16-2002

Hi Paula,

I am studying your script and if you only want to check the password and not all the line you can check only the second field in the passwd file with this:
#!/bin/ksh
##################################################
# Monitor of changes to root login
# PJFC 2001
##################################################
# Check carried out against $a as defined below
# 'a' Should be whole of current root entry in /etc/passwd
# Copy and paste it on the line below.
a=bbtu9S2dwAMWM
##################################################
# Get current root entry line from passwd
# Use grep ???v to exclude other users like rootaw
b=`cat /etc/passwd | grep "^root:" | cut -d":" -f2`
##################################################
# Check for new file by comparing dates
if [[ $a != $b ]]
then
##################################################
# If root entry has changed then warn
# Mail to desktop
mailx -s "WARNING - WARNING N0 Root login has changed " paula@avro.co.uk # Mail to phone
mailx -s "WARNING - WARNING N0 Root login has changed " 07956610410@one2one.net fi

Regards,

Justo.

Help is a Beatiful word

Chris Wilshaw · ‎08-16-2002

A suggestion, and a problem

suggestion: rather than having the root entry line in the file, create another file eg:

/etc/r_pw

with read only access for root, then use

a=`cat /etc/r_pw`

This way, you can have a standard script for use on a number of systems, rather than having to hard code the entry on every one that you run.

problem: it won't work on a trusted system

Paula J Frazer-Campbell · ‎08-16-2002

Hi Guys/Gals

Yes of couse there are other ways to do/enance somthing.

The script works in its current state.

I was giving away the concept.

Do what you wish with it.

;^)

Paula

If you can spell SysAdmin then you is one - anon

Justo Exposito · ‎08-16-2002

Hi Paula,

Sorry, yep the script works fine.

Only ideas;-(

Regards,

Justo.

Help is a Beatiful word

Paula J Frazer-Campbell · ‎08-16-2002

Hi Justo

I was not upset, I just thought I would clarify why I placed the idea on the forum.

All comments/enhancements are most welcome.

I am not a scripting GURU but normally I can find a way to do what I want.

;^)

Paula

If you can spell SysAdmin then you is one - anon

Pete Randall · ‎08-16-2002

Paula,

How about a simple ThankYou with no whining:

Thankyou!

Pete

Pete

Paula J Frazer-Campbell · ‎08-16-2002

Hi Pete

I was not at all upset / whining, no was I having a go at anyone.

As I said I was giving the concept away and I am most receptive to suggestions.

;^)

Paula

If you can spell SysAdmin then you is one - anon

Justo Exposito · ‎08-16-2002

Hi Paula,

As Pete tell you, THANK YOU.

Cheers,

Justo.

Help is a Beatiful word

Justo Exposito · ‎08-16-2002

Hi Again,

Another sugestion...

Use the command crypt in order to encrypt your old passwd.

Regards,

Justo.

Help is a Beatiful word

H.Merijn Brand (procura · ‎08-16-2002

I was just enjoying this thread to see what the reactions would be. *DO* people actually use this: Yes, What would they change? Many ideas pop up after reading it.

What would happen if /etc/passwd looks like:

xoot:bbtu9S2dwAMWM:0:3:AVRO:/:/sbin/sh
root:bbtu9S2dwAMWM:1:3:AVRO:/:/sbin/sh

Would it make a system unusable? Or can we just continue as xoot?

FWIW I'm not the one to try out :)

Some thought about general efficiency

*WHY* do people use 'cat file | filter' instead of 'filter < file' ?

It's just an extra unneeded process

b=`grep '^root:.*:0:' /etc/passwd`

just another ??? 0.01 (which will probably just disappear soon)

Enjoy, Have FUN! H.Merijn

Paula J Frazer-Campbell · ‎08-16-2002

Hi Justo

Not with you on the cript bit.

Do you meaan cript the a=

Paula

If you can spell SysAdmin then you is one - anon

Pete Randall · ‎08-16-2002

Paula,

I know you weren't upset - I was just "not looking a gift horse in the mouth".

Pete

Pete

Paula J Frazer-Campbell · ‎08-16-2002

Hi

What a wonderful expression:-

"not looking a gift horse in the mouth"

Derives from the days before automotive transport, and the way you can tell the age/ condition of a horse was by looking in its mouth - so if anyone gave you a horse as a gift it was very inpolite to look in its mouth.

TGIF

Paula

If you can spell SysAdmin then you is one - anon

Paula J Frazer-Campbell · ‎08-16-2002

Hi

Enhancement to pull password from root entry using above suggestions.

b= `grep '^root:.*:0:' /etc/passwd | cut -d":" -f2`

Thanks guys

If you can spell SysAdmin then you is one - anon

Justo Exposito · ‎08-16-2002

Hi Paula,

No, I just thinking to use the Chris recomendations about to put the old password in a file, then use the rights and the crypt in order to put in a safe place.

In Spanish:

"not looking a gift horse in the mouth"
"A caballo regalado no le mires el diente"

;^D

Regards,

Justo.

Help is a Beatiful word

Pete Randall · ‎08-16-2002

Specifically you would check the number/condition of the horse's teeth, I believe.

Pete

Pete

Paula J Frazer-Campbell · ‎08-16-2002

Just hope you are never given a shark.

Someone on the forum - I cannot remember who.

If you can spell SysAdmin then you is one - anon

Pete Randall · ‎08-16-2002

Now that's looking a gift shark in the mouth!!! Up close and personal!

Pete

Pete

Justo Exposito · ‎08-16-2002

About Horses and other things...

In Spanish:
"Menos da una piedra"
In English:
"Less than this give you a Stone"

Justo.

Help is a Beatiful word

Ceesjan van Hattum · ‎08-16-2002

Hi Paula,
It's a good one.. but can i fool around a bit?

Why not save $b into $HOME/.root.passwd. This way, you do not need to paste/edit $a into you script each time.
a=`cat $HOME/.root.passwd`
b=`cat /etc/passwd ...`
if [[ $a!=$b ]]
then mailx
echo $a > $HOME/.root.passwd
fi

Secondly, if you want to loggin as root, but you can't, one should first reads its mail. Maybe an idea to put the same warning in /etc/issue or something like it?

And last, what about:
b=`grep root /etc/passwd | grep -v rootaw| grep -v gdr | cut f1`
This save one pipe '|' and one awk-shell ,therefor more fast and less resources.

Don't see this as critisism, i'm just postponing my work here...

Greetings
Ceesjan

Jordan Bean · ‎08-16-2002

I like to simplify by using pwget.

#!/usr/bin/sh
fpwsave=~root/.pw.save
pwget -n root | read pwcurr
if [ -s $fpwsave ]
then
read pwsave < $fpwsave
if [ "$pwcurr" != "$pwsave" ]
then
echo "$pwsave" > $fpwsave.old
echo "$pwcurr" > $fpwsave
mailx -s "WARNING: $(hostname) root login modified!" list,of,recipients < /dev/null
fi
else
echo "$pwcurr" > $fpwsave
chmod 400 $fpwsave
fi

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Free script Again

Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again

Re: Free script Again