On 2014-10-31 Fri 11:52 AM |, Alexander Hall wrote:
>
> However, for the purpose of indicating password changes, this is pretty
> useless anyway, since:
>
> - You can change to the same password
> - logger(1) is available for anyone to use (AFAIK)
>
> $ while sleep $((3600*24*7)); do logger "I changed my password this week
> too"; done &
>
How about a 2am (after /etc/daily finished) root cron job
to run a script something like this (a bit rough & could be improved):

03 2 * * * nice /root/bin/passwd-differ

#!/bin/ksh
# Log each user whose master.passwd entry differs from the backup copy
_master='/etc/master.passwd'
_current="/var/backups/${_master##*/}.current"

diff -q "${_master}" "${_current}" > /dev/null ||
{
	diff "${_master}" "${_current}" | cut -d: -f1 | awk '/^> / { print $2 }' |
	while read -r user
	do
		logger -p auth.info "${user}'s password has changed"
	done
	# adding/deleting users/packages will probably fuck this up...
}

Trawl syslog entries by root in /var/log/authlog
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
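
Added example (not part of Craig Skinner's message): a variant of the comparison above that looks only at the hash field (field 2) of master.passwd, so edits to the shell or gecos fields are not reported and added or deleted accounts are skipped. The function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# changed_hashes OLD NEW
# Print login names present in both master.passwd-format files whose
# password-hash field (field 2) differs. Accounts that exist in only
# one file (added or deleted users) are ignored.
changed_hashes() {
	awk -F: '
		/^#/ || NF < 2 { next }                      # skip comments and blank lines
		FILENAME == ARGV[1] { old[$1] = $2; next }   # old snapshot: remember hash
		($1 in old) && old[$1] != $2 { print $1 }    # live file: hash changed
	' "$1" "$2"
}

# write_sample DIR
# Create two constructed sample files, DIR/old and DIR/new (not real hashes).
write_sample() {
	cat > "$1/old" <<'EOF'
root:$2b$10$constructedRootHash:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
alice:$2b$10$constructedAliceOld:1000:1000::0:0:Alice:/home/alice:/bin/ksh
bob:$2b$10$constructedBobHash:1001:1001::0:0:Bob:/home/bob:/bin/ksh
carol:$2b$10$constructedCarolHash:1002:1002::0:0:Carol:/home/carol:/bin/ksh
EOF
	cat > "$1/new" <<'EOF'
root:$2b$10$constructedRootHash:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
alice:$2b$10$constructedAliceNew:1000:1000::0:0:Alice:/home/alice:/bin/ksh
bob:$2b$10$constructedBobHash:1001:1001::0:0:Bob:/home/bob:/bin/sh
dave:$2b$10$constructedDaveHash:1003:1003::0:0:Dave:/home/dave:/bin/ksh
EOF
}

# demo: run the comparison on the constructed sample.
# alice changed her hash; bob only changed shell; carol was deleted; dave added.
demo() {
	_dir=$(mktemp -d) || return 1
	write_sample "$_dir"
	changed_hashes "$_dir/old" "$_dir/new"
	rm -rf "$_dir"
}

demo
```

In the cron job, the output of changed_hashes would be piped into the same `while read` loop that calls logger -p auth.info.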