>
>I know the host that does the email.  I know all the hosts that do not do
>it.  They all run seccheck
>
>START_SECCHK=yes in /etc/sysconfig/seccheck
>
>They all have john installed and when I run it does show the same
>usernames with the weak passwords.  What I can not figure out is why only
>this one system generates the emails.  They either all should or all not.
>But this one system is the only one that does.  I am stumped as to what is
>different.

JOHN is not used at all, and in fact, is not an rpm dependency for 
secchk.
/usr/lib/secchk/checkneverlogin is the only file that contains the word 
'weak', so I suppose the "bug" is there. This script does not use john, 
but uses "lastlog", and an administrator is free to not have any lastlog 
file in /var/log at all, which means "last logged in" events are not 
recorded at all.
    Or in short: The host where seccheck warns about weak passwords is 
ok, all the other hosts lack a /var/log/lastlog
*OR*
    said users with "weak passwords" fulfill the following conditions
      (1) never changed their initial password AND
      (2) never logged in on that particular machine

Since you replicate the password database (/etc/shadow or others), a 
user may change his "weak" password into a good one, without the host 
noticing.

In other words, the script that checks for weak passwords

  (1) ASSUMES that you have to login ON THAT PARTICULAR MACHINE to 
      change your password.

  (2) ASSUMES that once you have logged in to that particular machine
      you are going to change your password - which is a wrong
      assumption. Password change is often not enforced on first login.
      File a bug report for (2).

>I have been going through /etc/sysconfig and all the files are the same
>with the exceptions of where they should be different because of system
>names.
>
>Thanks,
>
>--
>Boyd Gerber <[EMAIL PROTECTED]>
>ZENEZ  1042 East Fort Union #135, Midvale Utah  84047
>

        -`J'
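An added illustration of the two assumptions above (not the seccheck script itself): constructed /etc/shadow and per-host lastlog data, with the per-host "never logged in" heuristic beside a host-independent check on the shadow lastchg field. The initial-password dates are an assumed provisioning record.

```python
# Added illustration, not the seccheck code: why a lastlog-based "never logged in"
# test can disagree across hosts that share one replicated /etc/shadow.

# Constructed /etc/shadow content, identical on every host because it is replicated.
SHADOW = """\
alice:$6$x:12000:0:99999:7:::
bob:$6$y:13500:0:99999:7:::
carol:$6$z:12000:0:99999:7:::
"""

# Assumed provisioning record: the day (days since 1970-01-01, as in shadow
# field 3) on which each account's initial password was set.
INITIAL_PW_DAY = {"alice": 12000, "bob": 12000, "carol": 12000}

# Constructed per-host lastlog data: user -> day of last login on that host.
# hostA has no /var/log/lastlog at all, so nobody has ever "logged in" there.
LASTLOG = {
    "hostA": {},
    "hostB": {"alice": 12010, "bob": 13400},
}


def parse_shadow(text):
    """Return {user: last_password_change_day} from shadow-format text."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        user, lastchg = fields[0], fields[2]
        # An empty or 0 field means "must change at next login"; treat as day 0.
        result[user] = int(lastchg) if lastchg else 0
    return result


def flagged_by_lastlog(host):
    """The per-host heuristic: anyone with no lastlog entry here is flagged."""
    users = parse_shadow(SHADOW)
    return sorted(u for u in users if u not in LASTLOG[host])


def flagged_by_shadow():
    """Host-independent check: password not changed since provisioning."""
    users = parse_shadow(SHADOW)
    return sorted(u for u, day in users.items() if day <= INITIAL_PW_DAY[u])


if __name__ == "__main__":
    for host in LASTLOG:
        print(host, "lastlog heuristic flags:", flagged_by_lastlog(host))
    print("shadow lastchg flags on every host:", flagged_by_shadow())
```

bob changed his password (lastchg 13500) after logging in on hostB, yet hostA still flags him because its lastlog never saw him; the shadow-based check gives the same answer on every host.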