On November 1, 2014 12:49:51 PM CET, skin...@britvault.co.uk wrote:
>On 2014-10-31 Fri 11:52 AM |, Alexander Hall wrote:
>>
>> However, for the purpose of indicating password changes, this is pretty
>> useless anyway, since:
>>
>> - You can change to the same password
>> - logger(1) is available for anyone to use (AFAIK)
>>
>> $ while sleep $((3600*24*7)); do logger "I changed my password this week too"; done &
>>
>
>How about a 2am (after /etc/daily finished) root cron job
>to run a script something like this (a bit rough & could be improved):
>
>03 2 * * * nice /root/bin/passwd-differ
>
>
>#!/bin/ksh
>
>_master='/etc/master.passwd'
>_current="/var/backups/${_master##*/}.current"
>
>diff -q ${_master} ${_current} > /dev/null ||
>{
>    diff ${_master} ${_current} | cut -d: -f1 | awk '/^> / { print $2 }' |
>    while read user
>    do
>        logger -p auth.info "${user}'s password has changed"
>    done
>    # adding/deleting users/packages will probably fuck this up...
>}
>
>Trawl syslog entries by root in /var/log/authlog

Well, that might make you feel better, but if you think about it, it does not solve any of the two issues.

/Alexander