I would like to grep all values other than encrypted password from /etc/shadow fileFor example,each line consists of 8 fields separated with :/The only thing that I want not to print out is the contents between first : and second : (encrypted password)
View 7 Replies
Today i was going through some of security guides written on linux .Under shadow file security following points were mentioned.1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.2)Usernames in shadow file must satisfy to all the same rules as usernames in /etc/passwd.3)password for application Username should display * if username is not locked.4)If a user is locked it should be displayed as ! as the first character in second field of shadow file.
Confusion for point 1 and 2:Now i m confused as why the encrypted password should be more than 14-25 characters.Also what rules to satisfy How to check it?Confusion for point 3 and 4:There are lot of users with * as second field i guess they are not locked but according to 4th point there are lot of users with ! as first characters.How would i check whether they are actually locked or not.I m posting the output of /etc/shadow and /etc/passwd files for the account.
My script.
This is may script:
Code:
Problem: Output file doest not exclude the values in grep -av
I have a huge binary log file. There are lets say 4 id's that I want to find in a log file. I know that those 4 id's will be present in the log file and I also know in what order they will be present. I want to find 1st id from the log then 2nd id and then third id and so on..
Simple/inefficient solution is: Loop through the id's and then grep in the log file. Problem with this solution is for each id grep will search from the beginning of the file.
Better/efficient solution would be: Sine I know the order in which id's will be present in the log file. Loop through id's, grep 1st id and then move on to grep 2nd id and so on...this way I can grep all id's in one pass. Is this solution possible ?
I have 500000 + values to find in log files and I have to find efficient solution for it.
Is there any way i can pass two / three values to grep. Basically i want to list the lines in the file with three different values. Currently I'm using three grep to get my work done.
EG: more Filename | grep text1 | grep text2 | grep text3
BRs
So in an environment where I have 40+ sets of completely unique sets of logon credentials. The only way I've been able to manage this is by keeping them in a hidden and heavily encrypted text file in my home dir.Would like to hear alternatives to this approach if there are any, BTW. Right now I have a script that automates the process of un-encrypting the file, launching an editor and then clean-up with shred -u after editing and re-encrypting.
What bugs me is the interim where I have the file in an un-encrypted state on my drive. It doesn't seem necessary. I have a view script that allows me to see what's in the file without saving it to the drive.
I noticed that our /etc/shadow file is readable on a patch I released for one of our in house linux boxes a while back ago. Could they use it to gain access the root account etc? Our passwords are all MD5 encrypted.
View 5 Replies View RelatedI am working on building a customized ISO image of a server based on linux. The thing is after the server is installed and run for the first time, three users have to be created for the various services to run properly. I want this to be automated. To achieve this what is was thinking is automatically enter the user entries in the /etc/passwd and /etc/shadow files through init scripts when the server starts for the first time after the installation. I tried creating user and assigning password in one of my machine, and the /etc/passwd and the /etc/shadow entries of this user I copied it into the other machine and tried login in on the other machine and everything worked fine. How I am trying to achieve this.
View 1 Replies View RelatedI want to know, how does changes happened in the encrypted password in /etc/shadow file , when user changing password . because user doesnot have access on that file
View 1 Replies View RelatedI've been trying to write php or perl code to generate the sha-512 password hashes in fedora. I've been unable to do the hashing which is encoded in the shadow file on fedora core 11. Does anyone have php or perl code which provides the hashing algorithm. (All of my attempts result in the encrypted hashing being longer than 86 character -- the length that crypt says the sha-512 should be)
View 3 Replies View RelatedI need to manually convert an string ( like with echo ) to a DES crypt format to be inserted inside a /etc/shadow file, does anybody knows how can I do that?
Maybe there are some little tool that could handle that operation, well.. I don't know, hope someone can give me a hint on that.
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
Quote:
kernel /vmlinuz-2.6.38.6-26.rc1.fc15.i686.PAE ro root=/dev/mapper/vg_anonymous-lv_root rd_LUKS_UUID=luks-3ef72221-1165-46a6-ab69-3932e22e9d4f rd_LVM_LV=vg_anonymous/lv_root rd_LVM_LV=vg_anonymous/lv_swap rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=de
initrd /initramfs-2.6.38.6-26.rc1.fc15.i686.PAE.img
[Code]....
I remember that some time ago I found a guide on the Ubuntu website about adding samba shares to mount at boot via /etc/fstab. The guide also mentioned using a credentials file to store the username and password.
However, the password was encrypted (in md5 I think) and it could not be read directly, but it still worked with fstab mount. If I remember correctly, the file contents were similar to this:
Code:
useraname = user
password = --md5
where was replaced by the encoded password. All was done in terminal. Recently I changed computers, and re-installed Ubuntu, but I forgot to save that file so I am not sure about the contents. I would like to know how to do this again, but I can't find the guide anymore. Does anyone know how to do this? Storing the password in plain text in file readable only by root is not acceptable because it can be read by someone mounting the drive from other operating system, and the share cannot be mounted/unmounted by regular users (which is possible with the md5 encrypted password).
there are some configuration files where linux require the password of application user, to do something.how can i to encrypt the password in these files? Or how can i to store that password in encrypted file and retrieve it in secure mode?
View 2 Replies View RelatedIs it possible to have the passwd file for svnserve encrypted, rather than store the usernames/passwords in plain text?
View 3 Replies View RelatedI am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
View 4 Replies View RelatedI deleted root from passwd and shadow file.Can I crate a new root user?
View 1 Replies View RelatedI recently mashed the passwd, shadow, gshadow, group files in my Fedora 12 installation. I was dumb and didn't take a copy of the originals and all I have is the originals from a Fedora 11 installation.
View 2 Replies View RelatedI'm running RHEL 5. When using the GUI System>Administration>Users and Groups, I get the error: The user database cannot be read. This problem is most likely caused by a mismatch between /etc/passwd and /etc/shadow or /etc/group and /etc/gshadow. The program will exit now.
Some research showed that I need to use vipw and vigr respectively to find an inconsistency between these two sets, which I did - to make it easy I copied each from [vipw | vigr] to an excel file and did =exact(%1, %2). There are no inconsistencies.
[Code]...
I am moving my Linux server from Suse 10 to Ubuntu 9.04 and I moved the significant parts of /etc/shadow, /etc/passwd, and /etc/group over to Ubuntu 9.04. I am not able to login into the computer with the old accounts. The only problem I see is that the old accounts use Blowfish and DES to encrypt the passwords in /etc/shadow, and Ubuntu uses SHA512. If I change the passwords, the accounts will work. However; I have about 300 accounts to move, and I don't want to do that to all of them. I have tired Ubuntu Forums and talked to every linux expert I know, and no one has an answer.
View 7 Replies View RelatedThe /etc/shadow file contains an id of $1$, $2$, $5$ or $6$ to show the encryption method used.A salt follows this,followed by the password hash.When a user is created and a password is set, a hash is RANDOMLY generated and used as the salt to the password hash. Everytime that user logs in, login checks /etc/shadow for the $id$ and salt and runs the password given by the user through the hash mechanism ($id$) using the salt in /etc/shadow.So basically does login look at /etc/shadow for the $id$ and salt to create a hash with which to compare to the /etc/shadow hash?question 2 - If my $id$ was $5$, which is sha256, how would i go about changing this? Like is there a shadow.conf or crypt.conf or something? Can i change it per user?
View 2 Replies View RelatedI have installed fedora 11 in my system. While installing it asked me encrypted password which i passed. But I forgot that. Now the problem is whenever i boot my system before going to root itself it is asking for volume encrypted password, which as i told you i have forgot. Now i am not able to access my hard disk since it is completely locked. Is there any way to decrypt the password or unlock it. Or if that is not possible can data be recovered,which is my primary requirement..
View 1 Replies View Relatedhow to retrive every portion separately from following file name? DSA4020_frontcover_20346501_2011-05.doc
I want to retrieve informations as below;
name = DSA4020
type = frontcover
id = 20346501
date = 2011-05
is it possible to do with sed??
I have the following values in my log file:
...
2010-05-13 11:00:00 k_TRANSFER OK (11)
2010-05-13 11:30:01 m_TRANSFER OK (21)
2010-05-13 12:00:00 k_TRANSFER OK (12)
2010-05-13 12:30:00 m_TRANSFER OK (32)
2010-05-13 13:00:00 m_TRANSFER OK (13)
...
I want to replace every number with it's decrement. For example, the above values should be:
...
2010-05-13 11:00:00 k_TRANSFER OK (10)
2010-05-13 11:30:01 m_TRANSFER OK (20)
2010-05-13 12:00:00 k_TRANSFER OK (11)
2010-05-13 12:30:00 m_TRANSFER OK (31)
2010-05-13 13:00:00 m_TRANSFER OK (12)
I need to kind of grep within grep. My input file would be something like:
[Code]....
and I need to find the first occurrence of hello before MY PATTERN (hello 9008 in this case), so the output should be:
[Code]....
I am trying to write a remote access module. Is there any function in linux where I can give string (password entered by user) and compare it with the actual user password stored in /etc/shadow. Since the password is stored encrypted in /etc/shadow I cannot parse and compare. So I want some method to compare if my user entered the correct password..Is there any function for that..
View 6 Replies View RelatedI want to read values from a file...these are basically one word values, that is to say that the text file I want to read from contains lines of word length 1, as in:
word1
word2
word3
[code]...
I'm doing some bash-scripting and want to be able to print some text (just plain text) files into the new bash-scripts, created within a loop. Here's a short example of what I do:
Code:
# main bash script #
#!/bin/bash
##Filename
variable1=10
for ((j=0;j<=40;j+=1))
do
## Create another bash-script
echo "#!/bin/bash" >> bash_script_$j
... some stuff...
cat file1.txt >> bash_script_$j
... some more stuff...
done
where the text file (file1.txt) I want to print in the the new bash script looks something like:
Code:
# file1.txt #
...some stuff...
logsave log some_program($variable1)
mv output_$j folder_$j/
... some more stuff...
I.e, the text file contains variables such as "$j", "$variable1" etc that are undefined. Doing the above works for creating new bash scripts (bash_script_1 - bash_script_40) but the variables are not determined. I would like, if possible, to somehow print the text in file1.txt into the new bash-scripts with the variables determined, i.e:
Code:
# bash_script_1 #
...some stuff...
logsave log some_program(10)
mv output_1 folder_1/
... some more stuff...
The text files I read are quite extensive so I would really prefer not having to paste them into the FOR-loop directly.
I need to create a script that returns a list of the users who have never changed their password from /etc/shadow. As I know on linux there is a command "chage" used for find last password change.
View 2 Replies View RelatedI've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies View Related
