From owner-freebsd-questions@FreeBSD.ORG Tue Mar 3 09:20:30 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3D252E5 for ; Tue, 3 Mar 2015 09:20:30 +0000 (UTC) Received: from mail-wi0-x242.google.com (mail-wi0-x242.google.com [IPv6:2a00:1450:400c:c05::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BDBF6A5D for ; Tue, 3 Mar 2015 09:20:29 +0000 (UTC) Received: by widfb4 with SMTP id fb4so637452wid.2 for ; Tue, 03 Mar 2015 01:20:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type; bh=mNkqt9HhhHksSf48eMgLIbQbkodbxspatqRB4grzbMM=; b=RQU0K9RbPD+JcR4CqDbZJFgNh04VVbF3KoyCf62sIYju0keJ/4aqZ5k3h25aAN60+1 KQIwNH2vM8nlUrEznSR+zMlH/DDe5FTD9EZC47emBJvrAFo0UALj8DMbohuMJX4aJUd+ iu+4HgO8Eaun8VYXz0mYS7WOMSSWc0zQV1F20Jw2dfoOR1eThTvsRNyGdyqMe0f9tAB0 gBq3qr0/PRZh2M1ljUifPuR92Eiw+RZ6BkR/zaYSnEQE+GitCEQ/Ds4OqUJhKcXsdYvc wo7V8iZqgfYLn+7B+AIXUL1w3j9yvkXhknzO8KHUe6xXSuw9BEGYP3fff5ZgWkk18M5u dpLA== X-Received: by 10.180.99.34 with SMTP id en2mr730916wib.81.1425374428252; Tue, 03 Mar 2015 01:20:28 -0800 (PST) Received: from [192.168.1.100] (124.22.20.95.dynamic.jazztel.es. [95.20.22.124]) by mx.google.com with ESMTPSA id dn7sm4548749wid.12.2015.03.03.01.20.26 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Mar 2015 01:20:27 -0800 (PST) Message-ID: <54F57CD9.2000707@gmail.com> Date: Tue, 03 Mar 2015 10:20:25 +0100 From: =?windows-1252?Q?Ricardo_Mart=EDn?= Reply-To: fluxwatcher@gmail.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.4.0 MIME-Version: 1.0 To: Daniel Peyrolon , freebsd-questions@freebsd.org Subject: Re: Check root password changes done via single user mode References: <54F56A83.3000404@gmail.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Mar 2015 09:20:30 -0000 Indeed, that would be a way of checking the password change, but I was more interested in whether such a change could be flagged as being carried out from single user mode. Or in another words whether the root's passwords has been reset accessing the machine during the boot process. On 03/03/15 09:50, Daniel Peyrolon wrote: > What I would do is storing a copy of root's password hash somewhere, and > compare it with the recent one. > The hash can be read at master.passwd (check passwd(5)). > > El mar., 3 de marzo de 2015 a las 9:02, Ricardo Martín (< > fluxwatcher@gmail.com>) escribió: > >> hi all, >> >> wondering which would be the best approach to script check if the root >> password has been changed via single user mode. >> >> tia >> >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions- >> unsubscribe@freebsd.org" >>