Re: FW: local auditing tools

From: Brian (
Date: 01/03/02

Date: Thu, 3 Jan 2002 14:29:56 -0800 (PST)
From: Brian <>

> -i.e. accounts that are `grep ':0:' /etc/passwd

I keep seeing people doing greps for ':0:'. Are the "bad-guys" that stupid
to not try doing stuff like ':00:' or ': 0:' ? (Both work for root on at
least a RedHat 7.2 box...)

You might need to run this as a perl or awk script and and force
evaluation as an integer (perhaps by adding 0), then compare that integer
to the integer 0. In short, you dont want to compare the string :0: , you
want to compare the integer in the third field to the integer 0.


Relevant Pages

  • Re: Comparing files with regular expressions
    ... that matches the exclude file from the complete file (which I'm hoping ... filehandles will be closed by Perl when it finishes processing the script. ... familiar to you than Perl or any other programming language then use that. ... you had only two sheets of paper to compare, ...
  • context bug / patch
    ... tom@mo perl $ cat ... my ($dir, @compare, $count); ... true and the context isn't void (assuming $void is set if the call is made ...
  • Re: how are these two strings not equal?
    ... perl 5.10 on Windows 2003 Server, ... TextPad and then run "compare files", ... return $res; ... Maybe some spaces are tabs or vice ...
  • Re: Useless use of array element in void context
    ... I need to compare two strings, which start with a different date, than ... I made a split on white space, to compare them. ... Perl is warning you that this is probably not what you wanted. ... This is not a syntax check. ...
  • Re: Hashes of hashes or just one hash ?
    ... now i have 2 files like this that i want to compare. ... using a single hash with a long key name.. ... and about 6-7 mins using a 32bit linux machine. ... perl in 21 days :-) sam's way). ...