Passwd File Problems
In this example, we report passwd file problems.
The PasswdFileProblems script might send an alert message like the following:

                                PIKT ALERT
                         Mon Jan 28 20:49:19 2002
                                  rouen

URGENT:
    PasswdFileProblems
        Report passwd file problems

        User alsuen has NO PASSWORD!

The script follows.

PasswdFileProblems

        init
                status =piktstatus
                level =piktlevel
                task "Report passwd file problems"
                input proc "=sort -t: +2n =passwd"
                seps ":"
                =passwddata

        begin
                set #crisis = #false()
#ifdef page
                set $pagemsg = "$hostname() urgent passwd problem (see alert email)"
#endifdef

        rule    // non-root uid 0s
                if    $uid eq "0"
                   && $uname ne "root"
                        output mail "User $uname has UID OF 0!"
                        output syslog "User $uname has UID OF 0!"
                        set #crisis = #true()
                endif

        rule    // no password
                if $password eq ""
                        output mail "User $uname has NO PASSWORD!"
                        output syslog "User $uname has NO PASSWORD!"
                        if $uname eq "root"
                                set #crisis = #true()
                        endif
                endif

        end     // drastic change in /etc/passwd file size
                // by setting the =deviated() percentage to 0%, could also
                // report *any* change in /etc/passwd file size
                set #lines = #innum()
                if =deviated(lines, 20%)
                        output mail "the size of /etc/passwd has changed
by >= 20%, was $text(%lines) lines,
is now $text(#lines)"
                        set #crisis = #true()
                endif
#ifdef page
                if #crisis
#  if missioncritical
                        =page($pagemsg, =pagesysadmins, =allhours(#now()))
#  else
                        =page($pagemsg, =pagesysadmins, ! =offhours(#now()))
#  endif
                endif
#endifdef

This is just one program example. You could add rules, or write new scripts, for example to report: frozen (starred out) accounts, accounts with missing uid or gid, duplicate uids, non-existent gids, empty gecos fields, non-existent home directories or shells, password changes for certain key accounts, illegal user names, malformed lines, etc.
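
The two rules from the script, together with several of the checks listed above (starred-out accounts, missing uid or gid, duplicate uids, malformed lines), as an added Python example. It is not a PIKT script and not part of the PIKT samples; the function name audit_passwd, the severity labels and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not real accounts).
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:backup root:/root:/bin/sh
alsuen::1001:100:Al Suen:/home/alsuen:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
carol:x:1002:100:Carol:/home/carol:/bin/sh
dave:*:1003:100:Dave:/home/dave:/bin/sh
eve:x::100:Eve:/home/eve:/bin/sh
broken:x:1004
"""

def audit_passwd(text):
    """Return a list of (severity, message) findings for passwd-format text."""
    findings = []
    uid_owners = defaultdict(list)          # uid -> user names using it
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:                # passwd entries have exactly 7 fields
            findings.append(("warn", f"line {lineno}: malformed ({len(fields)} fields)"))
            continue
        uname, password, uid, gid = fields[:4]
        # The two rules of the PIKT script: non-root uid 0, empty password.
        if uid == "0" and uname != "root":
            findings.append(("crisis", f"User {uname} has UID OF 0!"))
        if password == "":
            # As in the script, only root's empty password raises the crisis flag.
            sev = "crisis" if uname == "root" else "warn"
            findings.append((sev, f"User {uname} has NO PASSWORD!"))
        # Additional checks from the list above.
        if password.startswith("*"):
            findings.append(("info", f"User {uname} is frozen (starred out)"))
        if not uid.isdigit() or not gid.isdigit():
            findings.append(("warn", f"User {uname} has missing or non-numeric uid/gid"))
        else:
            uid_owners[uid].append(uname)
    for uid, names in uid_owners.items():   # duplicate uids, reported after the scan
        if len(names) > 1:
            findings.append(("warn", f"uid {uid} shared by {', '.join(names)}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_passwd(SAMPLE):
        print(f"{severity:6} {message}")
```
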
For more examples, see Samples.