tech-userlevel archive
duplicate uid warning in daily security check
Hi,
I have a few intentional duplicate UIDs, and the daily warning is
annoying me. Proposed fix: make a configurable list of user ids that
aren't considered for the purpose of duplicate uid detection, and adjust
/etc/security to fit.
This gives us a new entry in defaults listing "toor":
RCS file: /cvsroot/src/etc/defaults/security.conf,v
retrieving revision 1.23
diff -u -u -r1.23 security.conf
--- defaults/security.conf 5 Feb 2010 16:29:02 -0000 1.23
+++ defaults/security.conf 4 Apr 2012 20:46:16 -0000
@@ -41,6 +41,7 @@
check_passwd_nowarn_shells="/sbin/nologin"
check_passwd_nowarn_users=""
+check_passwd_permit_dups="toor"
check_passwd_permit_star=NO
check_passwd_permit_nonalpha=NO
max_loginlen=16
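Review bot: the new `check_passwd_permit_dups="toor"` default is undocumented, and nothing in this hunk says whether the list holds login names or numeric UIDs. The default value, together with the awk filter in the /etc/security change (which tests `$1`, the name column), implies whitespace-separated login names. A security.conf(5) entry stating that would keep an administrator from listing a UID here and silently exempting nothing.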
and:
RCS file: /cvsroot/src/etc/security,v
retrieving revision 1.110
diff -u -u -r1.110 security
--- security 2 Mar 2011 17:00:28 -0000 1.110
+++ security 4 Apr 2012 20:46:16 -0000
@@ -287,14 +287,18 @@
column $OUTPUT
fi
-# To not exclude 'toor', a standard duplicate root account, from the duplicate
-# account test, uncomment the line below (without egrep in it)and comment
-# out the line (with egrep in it) below it.
-#
-# < $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
- < $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+ awk -v "permit_dups_list=$check_passwd_permit_dups" \
+ '
+ BEGIN {
+ split(permit_dups_list, a);
+ for (i in a) permit_dups[a[i]]++;
+ }
+ {
+ if (!permit_dups[$1])
+ print $2;
+ }' < $MPBYUID | uniq -d > $TMP2
if [ -s $TMP2 ] ; then
- printf "\n$MP has duplicate user id's.\n"
+ printf "\n$MP has duplicate user ids.\n"
while read uid; do
grep -w $uid $MPBYUID
done < $TMP2 | column
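Review bot: in the awk filter, `if (!permit_dups[$1])` drops a listed login name before `uniq -d` runs, so the exemption is keyed on the name alone and not on the UID that name is expected to share. Any account that shares a UID with just one listed name is therefore never reported, whichever UID that is; with the default list, an account named toor is exempt even if its UID is not root's. Consider matching name and expected UID together (for example entries of the form name:uid), or at least document that listing a name silences the first duplicate on whatever UID it holds. The removed comment block explained the toor special case, so a short comment above the awk call saying what check_passwd_permit_dups controls would be a fair replacement.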
Comments?
regards,
spz
--
spz%serpens.de@localhost (S.P.Zeidler)