Re: FW: local auditing tools
From: Brian (focus-linux@tracking.zerobelow.org) Date: 01/03/02
- Maybe in reply to: Ryan Yagatich: "local auditing tools"
Date: Thu, 3 Jan 2002 14:29:56 -0800 (PST) From: Brian <focus-linux@tracking.zerobelow.org> To: ryany@pantek.com
> -i.e. accounts that are `grep ':0:' /etc/passwd
I keep seeing people doing greps for ':0:'. Are the "bad-guys" that stupid
to not try doing stuff like ':00:' or ': 0:' ? (Both work for root on at
least a RedHat 7.2 box...)
You might need to run this as a perl or awk script and force
evaluation as an integer (perhaps by adding 0), then compare that integer
to the integer 0. In short, you don't want to compare the string :0: , you
want to compare the integer in the third field to the integer 0.
--brian
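
The integer comparison suggested in the message, as an added example that is not part of the original post. The function names and the sample passwd lines are constructed for illustration; the sketch also flags UID fields that are not plain decimal numbers, which goes slightly beyond what the message asks for.

```shell
#!/bin/sh
# Added example: find UID-0 entries in passwd-format input by comparing the
# third field as an integer instead of matching the string ':0:'.

# Constructed sample data (not from a real system). svc_a and svc_b use the
# ':00:' and ': 0:' spellings from the message; ops only has GID 0.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc_a:x:00:100:constructed:/home/svc_a:/bin/sh
svc_b:x: 0:100:constructed:/home/svc_b:/bin/sh
ops:x:1000:0:constructed:/home/ops:/bin/sh
EOF
}

# Reads passwd-format lines from the named files (or stdin) and prints
# tab-separated records: TAG, account name, raw UID field in brackets.
#   UID0 = field is digits (optionally padded with blanks) and equals 0
#   ODD  = field is not a plain decimal number, worth a manual look
uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        {
            raw = $3
            digits = (raw ~ /^[ \t]*[0-9]+[ \t]*$/)
            plain  = (raw ~ /^(0|[1-9][0-9]*)$/)
            if (digits && raw + 0 == 0)            # "+ 0" forces a number
                printf "UID0\t%s\t[%s]\n", $1, raw
            else if (!plain)
                printf "ODD\t%s\t[%s]\n", $1, raw
        }' "$@"
}

echo "string match on ':0:' reports:"
sample_passwd | grep ':0:' | cut -d: -f1
echo "integer comparison reports:"
sample_passwd | uid0_accounts
```

On the sample, the string match reports root and ops (a GID 0 false positive) and misses both padded entries, while the integer comparison reports root, svc_a and svc_b.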