The Password File

Top - Help

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

No entry in /etc/passwd has '::' after the user name.
All entries containing ':*:' after the user ID are not login accounts and have '/dev/false' as their login shell.
Only one entry in /etc/passwd has a '0' for the third field.
All non-user (or root) accounts have ':*:' after the user ID and have '/dev/false' as their login shell.
The uucp account is disabled or nonexistent.
The ftp account has ':*:' after the user ID and '/dev/false' as the login shell.
No '+' appears in any line in /etc/passwd
No line like this: '+:*:0:0:::' appears in /etc/passwd.
/etc/rc.local runs ypbind with the -s option or does not tun it at all.
C2 protection is implemented or there is no C2 capability for this operating system.
Password shaddowing is implemented or is not available for this operating system.
You periodically audit the /etc/passwd and /etc/shaddow files for additions, alterations, and removals.
You periodically verify that each user with an identity in the password file corresponds to a currently authorized user.
There are no unauthorized usres listed in the password files right now.

With maximum value of