Sunday, March 22, 2009

Search for all accounts without a password and lock them

For security reasons, it is necessary to disable all accounts with no password and lock them down. Solaris, Linux and FreeBSD provide an account locking (and unlocking) facility.

Lock Linux user account with the following command:
passwd -l {user-name}

Unlock Linux user account with the following command:
passwd -u {user-name}

-l : This option disables an account by changing the password to a value which matches no possible encrypted value.

Lock FreeBSD user account with the following command:
pw lock {username}

To unlock the FreeBSD account use:
pw unlock {username}

Lock Solaris UNIX user account with the following command:
passwd -l {username}

Lock HP-UX user account with the following command:
passwd -l {username}

For unlocking the HP-UX account you need to edit the /etc/passwd file using a text editor (or use SAM):
vi /etc/passwd

However, how will you find accounts without a password? Again, with the help of the 'passwd -s' (status) command you can find all passwordless accounts.

Linux display password status
passwd -S {user-name}

Where,
-S : Display account status information. The status information consists of seven fields. The second field indicates the status of the password using the following format:

•L : The user account is locked
•NP : Account has no password
•P : Account has a usable password

# passwd -S radmin
radmin P 10/08/2005 0 99999 7 -1

Solaris UNIX display password status
passwd -s {user-name}

Where,
-s : Display account status information using the following format:

•PS : Account has a usable password
•LK : User account is locked
•NP : Account has no password

FreeBSD
I have already written about a small awk one-line approach to find all passwordless accounts.

Automated Scripting Solution
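However, in real life you write a script and execute it from a cron job. Here is a small script for Linux:

#!/bin/sh
# Lock every account whose passwd -S status field is NP (no password)
USERS="$(cut -d: -f 1 /etc/passwd)"
for u in $USERS
do
  # The second field of passwd -S output is the password status
  status="$(passwd -S "$u" | awk '{ print $2 }')"
  if [ "$status" = "NP" ]; then
    passwd -l "$u"
  fi
done

FreeBSD script:

#!/bin/bash
# Select entries in /etc/master.passwd with an empty password field and lock them
USERS="$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | cut -d: -f1)"
for u in $USERS
do
  pw lock "$u"
done

Sun Solaris script:

#!/bin/sh
# passwd -sa lists the status of all accounts; lock those reported as NP
USERS=`passwd -sa | grep -w NP | awk '{ print $1 }'`
for u in $USERS
do
  passwd -l "$u"
done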
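An added example, not part of the original post: before a cron job locks anything, the same NP / L / P classification can be dry-run against a shadow-format file, printing the lock commands instead of running them. It compares the password field itself, so a login that happens to be named NP is not mistaken for a passwordless account. The function names, the sample entries and the rule that a leading ! or * means locked are assumptions of this example.

```shell
#!/bin/sh
# Dry-run audit of a shadow-format file (user:password-field:...).
# Nothing is modified; lock commands are only printed for review.

# classify_shadow FILE -> one "user STATUS" line per entry (NP, L or P)
classify_shadow() {
    awk -F: '
        /^[#+-]/ || NF < 2 { next }              # comments, NIS markers, junk
        $2 == ""           { print $1, "NP"; next }  # empty field: no password
        $2 ~ /^[!*]/       { print $1, "L";  next }  # assumed lock markers
                           { print $1, "P" }         # anything else: usable
    ' "$1"
}

# lock_plan FILE -> the "passwd -l USER" commands a real run would issue
lock_plan() {
    classify_shadow "$1" | awk '$2 == "NP" { print "passwd -l " $1 }'
}

# make_sample -> constructed shadow-format entries (not real hashes)
make_sample() {
    cat <<'EOF'
# constructed sample data
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
NP:$6$constructedsalt$constructedhash:19000:0:99999:7:::
oldadmin:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
kiosk::19000:0:99999:7:::
EOF
}

# Demo on the constructed sample
sample="$(mktemp)"
make_sample > "$sample"
echo "Status per account:"
classify_shadow "$sample"
echo "Commands a real run would execute:"
lock_plan "$sample"
rm -f "$sample"
```

Review the printed plan before handing it to a root shell; service accounts that show up as NP may need a different fix than a lock.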
