Date: Wed, 04 Mar 2015 18:12:32 +0000 From: Arthur Chance <freebsd@qeng-ho.org> To: zep <zgreenfelder@gmail.com>, freebsd-questions@freebsd.org Subject: Re: Check root password changes done via single user mode Message-ID: <54F74B10.7090901@qeng-ho.org> In-Reply-To: <54F7351A.4010900@gmail.com> References: <54F56A83.3000404@gmail.com> <CA%2ByaQw_3JJ2tJm32or-UmSpfMFo_jCn_JD1xFw=1E9i9K2reDg@mail.gmail.com> <54F57CD9.2000707@gmail.com> <54F5AF25.7000303@qeng-ho.org> <54F71117.7050606@gmail.com> <54F71E2F.1000705@qeng-ho.org> <54F73455.5080509@gmail.com> <54F7351A.4010900@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/03/2015 16:38, zep wrote: > > > On 03/04/2015 11:35 AM, Ricardo MartÃn wrote: >> At this point you might want to review the original post again. >> It's a simple and specific request for comments about whether if its >> feasible to somehow flag a root's password reset in SUM. >> No more, no less. >> > > perhaps you should review the responses. the short answer is 'sort > of, but not really the way you seem want to; also it's a bit of a fool's > errand and whoever pointed you down this path doesn't like you very much'. > I'd agree with that. :-) If someone has simply changed the root password and done nothing else it's trivial to detect that it's changed - the daily periodic password backup will do that and it's enabled by default. You might also be able to decide whether it happened during multi- or single- user mode based on the modification time of the password file. If the person who changed it doesn't want you to find out it's changed, you are going to have a learning experience. -- Those who do not learn from computing history are doomed to GOTO 1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54F74B10.7090901>