Monday, October 11, 2004

User Accounts tips

For the next several posts I want to focus on user accounts and the user environment. Most of what I want to cover is how to ensure that your system is safe from users going beyond what they are authorized to do within the system. Some of the tips will ensure that proper expiration parameters are set for user accounts; other tips will help verify that users can't access resources within a system that they don't have permission to access.

The first tip is to go through the /etc/passwd file and verify that there are no user accounts that don't belong and that system accounts are not being misused. One command helps here: finger `sort /etc/passwd | cut -d: -f1` | less. The finger command displays information relating to the last time an account was used. This command lists each user ID and checks the last login time. Note that the quotes around the inner command are back ticks, not single quotes. The back tick is found on the same key as the tilde (~).
The Linux system also has a utility called lastlog that displays the last time each user logged in. The command to use is simply lastlog.

These commands list the last time someone logged into each account. Accounts that haven't been used should be checked to see whether they still need to exist. Also, system accounts should never show a login. If a system account does show a login, the first thing to do is verify that no shell is available for system accounts and, if one is, change the shell to /dev/null. Changing the shell to /dev/null will prevent any user from using a system account to log into the system and be given root privileges.

Finally, the pwck command should be run to check for basic integrity, such as ensuring the right number of fields are present and that each name is uniquely identified. For the group file, use grpck.
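
The shell check for system accounts and the field-count check described above can be scripted. This is an added example, not part of the original post; the audit_passwd function, the UID cutoff of 1000 for system accounts, and the list of shells treated as non-login (/dev/null plus /sbin/nologin, /usr/sbin/nologin and /bin/false) are assumptions, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: flag system accounts in a passwd-format file that still have
# a usable login shell, plus lines with the wrong number of fields.
# Assumption: UIDs below SYS_UID_MAX (default 1000) are system accounts.

SYS_UID_MAX="${SYS_UID_MAX:-1000}"

# audit_passwd FILE -> prints one finding per line
audit_passwd() {
    awk -F: -v max="$SYS_UID_MAX" '
        # passwd entries have exactly 7 colon-separated fields
        NF != 7 { printf "BADFIELDS line %d: %s\n", NR, $0; next }
        # root legitimately has a shell; every other low-UID account should not
        $1 == "root" { next }
        # an empty shell field means the default shell, so it is flagged too
        $3 < max && $7 !~ /^(\/dev\/null|\/sbin\/nologin|\/usr\/sbin\/nologin|\/bin\/false)$/ {
            printf "SHELL %s uid=%s shell=%s\n", $1, $3, ($7 == "" ? "(default)" : $7)
        }
    ' "$1"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/dev/null
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
news:x:9:9:news:/var/spool/news:
broken:x:10:10:/bin/false
alice:x:1001:1001:Alice:/home/alice:/bin/bash
EOF
}

# Run the audit over the sample; on a real system pass /etc/passwd instead.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

Older distributions started regular user IDs at 500, so set SYS_UID_MAX to match the system being audited.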