Date: Sun, 29 Aug 1999 13:00:22 -0400 (EDT) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: freebsd-security@freebsd.org Subject: daily security run- passwordless accounts Message-ID: <199908291700.NAA05209@cc942873-a.ewndsr1.nj.home.com>
next in thread | raw e-mail | index | archive | help
Since someone brought up small, but somewhat annoying, messages that
repeatedly pop up in the default daily security run, I thought I'd add
my own little pet peeve and see if anyone else felt the same way.
As it is setup now, the default /etc/security script (for 3.x, not
2.2.x) checks for "passwordless" accounts by a simple awk command. The
problem I have is that this setup will flag my NIS entries every time,
+:::::::::
Now this _does_ have an empty password in the local master.passwd
file, but that does not mean that the NIS accounts are "passwordless."
NIS users still need passwords.
Made a little modification to /etc/security so that NIS entries are
passed over. Here is the patch,
% diff -u /etc/security.orig /etc/security
--- /etc/security.orig Mon Feb 15 05:45:33 1999
+++ /etc/security Sun Aug 29 12:50:46 1999
@@ -54,7 +54,7 @@
separator
echo "checking for passwordless accounts:"
-awk -F: '$2=="" {print $0}' /etc/master.passwd
+awk -F: '/^[^\+-]/ && $2=="" {print $0}' /etc/master.passwd
# show denied packets
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then
Anyone have strong opinions whether something like that should be made
the default or not?
--
Crist J. Clark cjclark@home.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908291700.NAA05209>