Passwd File Problems
In this example, we report passwd file problems.
The PasswdFileProblems script might send an alert message like the following:
                                PIKT ALERT
                         Mon Jan 28 20:49:19 2002
                                  rouen

    URGENT:
        PasswdFileProblems
            Report passwd file problems

            User alsuen has NO PASSWORD!
The script follows.
    PasswdFileProblems

            init
                    status =piktstatus
                    level =piktlevel
                    task "Report passwd file problems"
                    input proc "=sort -t: +2n =passwd"
                    seps ":"
                    =passwddata

            begin
                    set #crisis = #false()
    #ifdef page
                    set $pagemsg = "$hostname() urgent passwd problem (see alert email)"
    #endifdef

            rule    // non-root uid 0s
                    if $uid eq "0" && $uname ne "root"
                            output mail "User $uname has UID OF 0!"
                            output syslog "User $uname has UID OF 0!"
                            set #crisis = #true()
                    endif

            rule    // no password
                    if $password eq ""
                            output mail "User $uname has NO PASSWORD!"
                            output syslog "User $uname has NO PASSWORD!"
                            if $uname eq "root"
                                    set #crisis = #true()
                            endif
                    endif

            end
                    // drastic change in /etc/passwd file size
                    // by setting the =deviated() percentage to 0%, could also
                    // report *any* change in /etc/passwd file size
                    set #lines = #innum()
                    if =deviated(lines, 20%)
                            output mail "the size of /etc/passwd has changed by >= 20%, was $text(%lines) lines, is now $text(#lines)"
                            set #crisis = #true()
                    endif
    #ifdef page
                    if #crisis
    # if missioncritical
                            =page($pagemsg, =pagesysadmins, =allhours(#now()))
    # else
                            =page($pagemsg, =pagesysadmins, ! =offhours(#now()))
    # endif
                    endif
    #endifdef
This is just one program example. You could add rules, or write new scripts, for example to report: frozen (starred out) accounts, accounts with missing uid or gid, duplicate uids, non-existent gids, empty gecos fields, non-existent home directories or shells, password changes for certain key accounts, illegal user names, malformed lines, etc.
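The following Python function is an added example, not PIKT code and not part of the PIKT distribution. It applies several of the additional checks listed above (frozen accounts, missing uid or gid, duplicate uids, non-existent gids, empty gecos fields, malformed lines) together with the script's two rules. The sample passwd lines, the `SAMPLE_GIDS` set, and the name `audit_passwd` are constructed for illustration.

```python
# Added example (not PIKT): audit passwd(5)-format lines, 7 colon-separated fields.
from collections import defaultdict

# Constructed sample input; no real accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:backup root:/root:/bin/sh
alice:x:1001:100:Alice Example:/home/alice:/bin/sh
bob::1002:100::/home/bob:/bin/sh
carol:*:1002:999:Carol Example:/home/carol:/bin/sh
dave:x::100:Dave Example:/home/dave:/bin/sh
broken:line:only:four
"""
SAMPLE_GIDS = {0, 100}  # constructed stand-in for the gids defined in /etc/group

def audit_passwd(text, known_gids):
    """Return a sorted list of (who, problem) findings."""
    findings, by_uid = [], defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed line"))
            continue
        uname, password, uid, gid, gecos, _home, _shell = fields
        if password == "":
            findings.append((uname, "no password"))
        elif password.startswith("*"):
            findings.append((uname, "frozen account"))
        if not uid.isdecimal():
            findings.append((uname, "missing or non-numeric uid"))
        else:
            by_uid[int(uid)].append(uname)
            if int(uid) == 0 and uname != "root":
                findings.append((uname, "non-root uid 0"))
        if not gid.isdecimal():
            findings.append((uname, "missing or non-numeric gid"))
        elif int(gid) not in known_gids:
            findings.append((uname, "non-existent gid"))
        if gecos == "":
            findings.append((uname, "empty gecos field"))
    # Duplicate uids can only be judged after every line has been read.
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append((",".join(names), f"duplicate uid {uid}"))
    return sorted(findings)

if __name__ == "__main__":
    for who, problem in audit_passwd(SAMPLE_PASSWD, SAMPLE_GIDS):
        print(f"{who}: {problem}")
```

On a host with shadow passwords, the password field in /etc/passwd is normally a placeholder, so the no-password and frozen-account checks would need to read the shadow file instead.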
For more examples, see Samples.