#!/bin/sh
#
# @(#)sec_ckpwd v1.03
#
#
# Description: Checks the password file for changes and mails any
# changes to designated persons. This script must be run as root,
# either manually or nightly via a cron entry.
#
# Usage: sec_ckpwd
#
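# Configuration: report recipients (space-separated list), the live account
# files, and the directory holding the saved baselines and working files.
MAILTO="user1@domain.com user2@domain.com"
PASSWD=/etc/passwd
SEC_PATH=/ssi; export SEC_PATH
SHADOW=/etc/shadow
# Effective UID via the POSIX flag instead of scraping id's prose output
# (uid=N(name) ...), which is what the previous sed pipeline depended on.
USER_ID=$(id -u)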
###
### FUNCTION SECTION.
###
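#######################################
# Print "mode:links:owner:group" for one file: the tuple the report uses as
# a file's permission signature.
# Arguments: $1 - path of the file
# Outputs:   the signature on stdout
#######################################
perm_sig()
{
  ls -l "$1" | awk '{print $1 ":" $2 ":" $3 ":" $4}'
}

#######################################
# Build a merged passwd/shadow snapshot under SEC_PATH, list accounts with an
# empty hash field and non-root UID/GID 0 accounts, diff the snapshot against
# the saved one, and check the live files' permissions against the recorded
# baseline. Every file written here contains shadow hashes and is kept
# owner-only.
# Globals:   PASSWD, SHADOW, SEC_PATH (read); sec_spf, sec_ssf and sec_perms
#            under SEC_PATH (created on the first run, read afterwards)
# Arguments: none
# Outputs:   the report on stdout (the caller pipes it to mailx)
# Returns:   0 on success, 1 when SEC_PATH cannot be entered
#######################################
process_files()
{
  # Files created below carry password hashes: owner-only from creation.
  umask 077
  # Fail early if the work directory is unusable; an unchecked cd left the
  # comm calls reading tmp1/tmp2 from whatever the current directory was.
  cd "$SEC_PATH" || {
    printf 'sec_ckpwd: cannot cd to %s\n' "$SEC_PATH" >&2
    return 1
  }
  # Merge the shadow hash (field 2 of shadow) into a passwd-shaped file.
  # The intermediate sorted copy lives in SEC_PATH rather than under a
  # predictable /tmp name: root redirecting into /tmp/passwd follows a
  # symlink, or reuses a file, planted there by any other local user.
  # LC_ALL=C keeps sort, join and comm on a single collation order.
  LC_ALL=C sort -t: -k1,1 "$PASSWD" > "$SEC_PATH/tmp_passwd_sorted"
  LC_ALL=C sort -t: -k1,1 "$SHADOW" |
    LC_ALL=C join -1 1 -2 1 -o 2.1,1.2,2.3,2.4,2.5,2.6,2.7 -t: \
      - "$SEC_PATH/tmp_passwd_sorted" > "$SEC_PATH/tmp_passwd"
  rm -f "$SEC_PATH/tmp_passwd_sorted"

  # printf instead of echo: the "\n" escapes in the message text are only
  # honoured by some sh implementations of echo.
  printf '>>>> Password File Check For: %s\n' "$(uname -n)"
  printf '>>>> As Of: %s\n\n' "$(date)"

  printf '**** Accounts Without Passwords:\n\n'
  grep '^[^:]*::' "$SEC_PATH/tmp_passwd"
  # grep exits 1 only for "no match"; a read error (2) is already on stderr.
  if [ $? -eq 1 ]; then
    printf 'None found.\n'
  fi

  printf '\n**** Non-Root UID=0 Or GID=0 Accounts:\n\n'
  # Test the UID and GID fields themselves; the previous ':00*:' grep matched
  # an all-zero value in any field. smtp is exempted as before.
  awk -F: 'BEGIN {n=0}
    ($3 ~ /^0+$/ || $4 ~ /^0+$/) && $1!="root" && $1!="smtp" {print $0; n=1}
    END {if (n==0) print "None found."}' "$SEC_PATH/tmp_passwd"
  printf '\n'

  # Whole-line sort of the merged file: the "current" side of the comparison.
  LC_ALL=C sort < "$SEC_PATH/tmp_passwd" > "$SEC_PATH/tmp1"
  # First run: seed the saved snapshot. It contains the shadow hashes, so it
  # gets mode 400; the 444 used before exposed the hashes to any user able to
  # traverse SEC_PATH. Snapshots left at 444 by earlier runs are not touched.
  if [ ! -f "$SEC_PATH/sec_spf" ]; then
    cp "$SEC_PATH/tmp1" "$SEC_PATH/sec_spf"
    chmod 400 "$SEC_PATH/sec_spf"
    chown root "$SEC_PATH/sec_spf"
    chgrp root "$SEC_PATH/sec_spf"
  fi
  # The saved snapshot, re-sorted: the "previous" side of the comparison.
  LC_ALL=C sort < "$SEC_PATH/sec_spf" > "$SEC_PATH/tmp2"
  # First run: copy of the shadow file, kept so installations end up with the
  # same set of saved files as before.
  if [ ! -f "$SEC_PATH/sec_ssf" ]; then
    cp "$SHADOW" "$SEC_PATH/sec_ssf"
    chmod 400 "$SEC_PATH/sec_ssf"
    chown root "$SEC_PATH/sec_ssf"
    chgrp root "$SEC_PATH/sec_ssf"
  fi
  # Lines are compared whole, so a changed hash shows up as one deletion plus
  # one addition of the same account name.
  printf '**** Accounts Added:\n\n'
  LC_ALL=C comm -23 "$SEC_PATH/tmp1" "$SEC_PATH/tmp2"   # only in the live file
  printf '\n**** Accounts Deleted:\n\n'
  LC_ALL=C comm -13 "$SEC_PATH/tmp1" "$SEC_PATH/tmp2"   # only in the saved snapshot
  # Remove the working files. tmp_passwd is the merged file with hashes and is
  # not needed past this point; sec_passwd is never created here but was on
  # the original removal list, so any leftover is still cleaned up.
  rm -f "$SEC_PATH/tmp1" "$SEC_PATH/tmp2" "$SEC_PATH/tmp_passwd" \
    "$SEC_PATH/sec_passwd"

  # Permission baseline. The first run records the live files' signatures in
  # sec_perms; later runs compare against that record. The saved copies' own
  # ls -l output is no longer what the live files are compared to, so their
  # modes can stay 400 regardless of the live files' modes.
  printf '\n**** Password File Protection:\n\n'
  if [ ! -f "$SEC_PATH/sec_perms" ]; then
    {
      printf 'passwd:%s\n' "$(perm_sig "$PASSWD")"
      printf 'shadow:%s\n' "$(perm_sig "$SHADOW")"
    } > "$SEC_PATH/sec_perms"
    chmod 400 "$SEC_PATH/sec_perms"
  fi
  saved_passwd_sig=$(sed -n 's/^passwd://p' "$SEC_PATH/sec_perms")
  saved_shadow_sig=$(sed -n 's/^shadow://p' "$SEC_PATH/sec_perms")
  # Quoted operands: an empty signature (ls failed) was a syntax error before.
  if [ "$saved_passwd_sig" != "$(perm_sig "$PASSWD")" ]; then
    printf 'The Passwd File Permissions Have Changed!!!\n'
  else
    printf 'The Passwd File Permissions Are O.K.\n'
  fi
  if [ "$saved_shadow_sig" != "$(perm_sig "$SHADOW")" ]; then
    printf 'The Shadow File Permissions Have Changed!!!\n'
  else
    printf 'The Shadow File Permissions Are O.K.\n'
  fi
  printf '\n>>> End Of Report.\n\n'
}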
###
### PROCEDURE SECTION.
###
# Verify the script is running as root. If it is then continue
# and mail the results to the appropriate administrator(s).
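# MAILTO is deliberately left unquoted below: it is a space-separated recipient
# list that mailx must receive as separate arguments.
host=$(uname -n)
# Quoted: with USER_ID empty (id failed) the unquoted test was a syntax error
# and the root check never ran.
if [ "$USER_ID" != '0' ]; then
  # shellcheck disable=SC2086 -- MAILTO word-splits into recipients on purpose
  mailx -s "sec_ckpwd for $host - Aborted!" $MAILTO >/dev/null <<!
The $SEC_PATH/sec_ckpwd script for $host aborted! The user must be root.
!
  exit 1
else
  # shellcheck disable=SC2086 -- MAILTO word-splits into recipients on purpose
  process_files |
    mailx -s "sec_ckpwd for $host - Completed." $MAILTO >/dev/null
fi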