Re: How to know when was root passwd changed

From: Mike Craik (bovine@btinternet.com)
Date: 03/14/02

• Previous message: Mike Donovan: "RE: Password Question"
• In reply to: NP, Ram (CORP, GEITC): "How to know when was root passwd changed"
• Next in thread: leon: "RE: How to know when was root passwd changed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 14 Mar 2002 20:10:55 +0000
From: Mike Craik <bovine@btinternet.com>
To: security-basics@security-focus.com

"NP, Ram (CORP, GEITC)" wrote:
>
> Now could some one tell me if
> there is a way to find out when(time) was the Root passwd changed. I
> understand one way would be using Tripwire. since we didnt have tripwire
> earlier on the machine is there a way to recover the time.

Hi,
   This information is stored in /etc/shadow.

The third field is the no of days since 1970 that the password was last
changed. e.g. -

bash-2.05# cat /etc/shadow | grep ^root
root:encrypted-honest:11760::::::
                      ^^^^^

You can use the logins command to extract this information, e.g. -

bash-2.05# logins -x -l root
root 0 other 1 Super-User
                        /
                        /sbin/sh
                        PS 031402 -1 -1 -1
                           ^^^^^^
So, I last changed my root password today.

Of course it's quite trivial to change this information, however if this
is a trusted system (if there's such a thing), it may be accurate
enough.

Cheers,
Mike.

---

• Previous message: Mike Donovan: "RE: Password Question"
• In reply to: NP, Ram (CORP, GEITC): "How to know when was root passwd changed"
• Next in thread: leon: "RE: How to know when was root passwd changed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [SLE] root access to user ... KDE Control Center/Desktop/Size and Orientation - if the system is ... fully set up at admin level, all the available screen resolutions are ... and root access is not required. ... with or without the root password. ... (SuSE) Re: Dumb question of the week. ... run "ifconfig" to check on something with my network ... You cannot run that as a normal user because ... That will make you root with the ability to run programs ... which asks for the root password and then, ... (alt.os.linux.suse) Re: Need help cloning drive. (UW 2.1/UW 7.1) ... > Trouble is I don't know the root password. ... > picky about geometry being the same between two drives and dd will most likely ... Geometry shouldn't be an issue at the slice level. ... (comp.unix.sco.misc) Re: Windows or LDAP authentication ... authentication for a network, and Linux servers are being ... Why would a user need root? ... Linux boxes then security might be compromised, ... So that the root password is stored in AD? ... (alt.os.linux.suse) How to know when was root passwd changed ... We have an environment where the root password on a solaris box would be ... understand one way would be using Tripwire. ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)