Solved

Disable system accounts on Solaris,HP-UX,IBM and Linux redhat and suse

Posted on 2006-07-24
Last Modified: 2013-12-06
Hi all,

1. Can someone please tell me how do I get the list of all system accounts that are not being used? How can I tell if the account is not being used?
2. How can I disable the account?
3. What is using that account?
4. Can someone please show me how to get the system account list? I know it is /etc/passwd, but which ones are system accounts? How can I tell? I need this info as soon as possible. Thanks.

And all related information.

Thank you all.
0
Question by:kaka123
11 Comments
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 250 total points
ID: 17173050
System accounts generally have a UID of <100 (but this will vary between systems).  It also depends a little on your definition of a "system account".

To list all accounts with UID <100, do

awk -F: '$3 < 100 {print}' /etc/passwd

As to disabling, what is using the account and if it is being used, that varies greatly.

Probably best you describe what problem you are trying to solve.  Do you have some auditors coming through at the moment?
0
 

Author Comment

by:kaka123
ID: 17177233
Yes! We are being audited and I want to make sure, before they hit our boxes, we are on top of what should have been done a long time ago. So how can I find if the account is being used and what service is using that before I go and disable that? What is the best way to handle this without causing any issues? Thanks
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 250 total points
ID: 17179458
As previously mentioned, there are too many variables to give a generic answer.

My suggestion would be to use a tool like Bastille to check the security of your systems.

See http://www.bastille-linux.org/
0
 
LVL 38

Assisted Solution

by:yuzh
yuzh earned 250 total points
ID: 17181159
The typical Unix system accounts are:
   daemon
   bin
   sys
   adm
   lp
   smtp
   uucp
   listen
   nobody
   noaccess
   nobody4

You can edit the /etc/passwd file to make system accounts have no login shell, add /bin/false shell, eg:

daemon:x:1:1::/:/bin/false
bin:x:2:2::/usr/bin:/bin/false
sys:x:3:3::/:/bin/false
adm:x:4:4:Admin:/var/adm:/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:/bin/false
nobody:x:60001:60001:Nobody:/:/bin/false
noaccess:x:60002:60002:No Access User:/:/bin/false
nobody4:x:65534:65534:SunOS 4.x Nobody:/:/bin/false
sshd:x:1011:300:sshd privsep:/var/empty:/bin/false
mysql:x:1012:301:Mysql:/mysql:/bin/false

to disable the shell login for the above accounts, and you can still run the services
as the above users, e.g. run Apache as user nobody, etc.

0
 
LVL 6

Expert Comment

by:JJSmith
ID: 17188708

With the exception of root (uid=0), disable/lock all accounts with a UID below 100.

No external/remote users should be using 'uid's below 100.

Cheers
JJ
0
 
LVL 38

Accepted Solution

by:yuzh
yuzh earned 250 total points
ID: 17189508
You can modify the /etc/shadow file to lock the account, replace the password in the /etc/shadow file with the string "*LK*".

eg, I locked user "sshd" and "mysql", the shadow file for them looks like:
sshd:*LK*:::::::
mysql:*LK*:::::::

The format of /etc/passwd is:
username:password:uid:gid:comment:home-directory:login-shell

where
'x' means required to have a password, 11029 is the UID, 1 is the GID, etc.

and  format of  /etc/shadow file (only readable by root):

username:password:lastchg:min:max:warn:inactive:expire
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17189517
The above will work for Solaris, HP/UX and Linux, but not for AIX.
0
 

Author Comment

by:kaka123
ID: 17196532
Thank you all for your reply. I edited the /etc/shadow and for system accounts
   daemon
   bin
   sys
   adm
   lp
   smtp
   uucp
   listen
   nobody
   noaccess
   nobody4
I put "No login" for HP-UX, and for AIX what I did was edit the /etc/security/user file and false for all the accounts above. For Solaris and Linux I am using what yuzh has suggested. Can anyone please tell me if I am on the right track? Thanks all for your reply.
Thank you all.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 250 total points
ID: 17196713
Please note that by default, those accounts you have "locked" were already effectively locked.

For example, let's look at the daemon user on Solaris, the default  /etc/passwd entry is:

daemon:x:1:1::/:

and default /etc/shadow entry is:

daemon:NP:6445::::::

Any invalid entry in column 2 of the /etc/shadow file means it has a password that can't be used.  The only way you can "login" to this user is to do

su - daemon

as the root user.  To prevent this (although if you're root already, I don't see the point), you need to add /bin/false (or similar) to the /etc/passwd entry, eg:

daemon:x:1:1::/:/bin/false
0
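The answers above describe two separate controls: the password column of /etc/shadow (`*LK*`, `NP`, or any other invalid entry) and the login-shell column of /etc/passwd. The script below is an added example, not code from any poster in this thread; it reports both for each non-root account under a UID limit. The sample files, the `svcdemo` account and the hash strings are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report password and shell state for every non-root account
# below a UID limit, read from passwd- and shadow-format files.

audit_accounts() {   # usage: audit_accounts PASSWD_FILE SHADOW_FILE [UID_LIMIT]
    awk -F: -v limit="${3:-100}" '
        FILENAME == ARGV[1] { hash[$1] = $2; known[$1] = 1; next }  # shadow file
        $3 == 0 || $3 + 0 >= limit { next }      # skip root and high UIDs
        {
            p = hash[$1]
            # A traditional DES crypt value is exactly 13 characters of [./A-Za-z0-9]
            des = (length(p) == 13 && p ~ "^[./A-Za-z0-9]+$")
            if (!($1 in known))                     pw = "no-shadow-entry"
            else if (p == "")                       pw = "EMPTY"    # no password required
            else if (p == "*LK*")                   pw = "locked"
            else if (substr(p, 1, 1) == "$" || des) pw = "usable"   # real crypt hash
            else                                    pw = "unusable" # NP, *, ! and similar
            # An empty shell field means the system default shell, so su still works
            sh = ($7 ~ "/(false|nologin)$") ? "nologin" : "login"
            printf "%s uid=%s password=%s shell=%s\n", $1, $3, pw, sh
        }' "$2" "$1"
}

demo() {   # constructed sample data modeled on the entries quoted in this thread
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
svcdemo:x:90:90:constructed account:/:/bin/sh
mysql:x:1012:301:Mysql:/mysql:/bin/false
EOF
    cat > "$dir/shadow" <<'EOF'
root:$1$constructed$notarealhash:6445::::::
daemon:NP:6445::::::
bin:*LK*:::::::
lp::6445::::::
svcdemo:$1$constructed$notarealhash:6445::::::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow" 100
    rm -rf "$dir"
}

demo
```

In an audit, rows reporting `password=EMPTY` or `password=usable` together with `shell=login` are the ones to review first; run it against copies of the real files as root, since /etc/shadow is only readable by root.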
 
LVL 38

Expert Comment

by:yuzh
ID: 17198612
When you edit the /etc/passwd file and /etc/shadow file, you need to make sure
you have the correct format as in http:#17189508, and they should look like the
example in:
http:#17181159 and http:#17189508
0
 

Author Comment

by:kaka123
ID: 17200151
Great, thank you all for your reply ...
Thanks
0
