
I have this bash script here that I'm trying to modify to check if there is only one root id, is it vulnerable, and currently this script only checks if there is a duplicate UID and displays the users that share the same UID. Thanks in advance! :)

Bash Script:

```bash
#!/bin/bash
/bin/cat /etc/passwd| /bin/cut -f3 -d":" | /bin/sort -n | /usr/bin/uniq-c | while read x ; do
  [ -z "${x}" ] && break
  set -$x
  if [ $1 -gt1 ]; then
       users=`/bin/gawk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd| /usr/bin/xargs`
       echo "Duplicate UID ($2): ${users}"
  fi
done
```

Expected Output:

```
Audit criteria: There is only one root id
Vulnerability: Yes
Details: See below

root:!:0:0::/:/usr/bin/bash
jdoe:*:0:1:John Doe:/home/jdoe:/usr/bin/bash
```
codeforester
S.Smith
  • I suggest to replace `uniq-c` by `uniq -c` and please take a look: http://www.shellcheck.net/ – Cyrus Jan 22 '17 at 08:02
  • Is there a reason you are using full paths for basic commands like `cut`, `grep`, `awk` etc? – codeforester Jan 22 '17 at 08:07
  • @codeforester this was an example given to me and as I'm a beginner in bash scripting I didn't realise it until you pointed it out, thanks for the input! – S.Smith Jan 22 '17 at 08:23

2 Answers


You can simplify your script greatly because all you are looking for is user id 0, which is root:

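```bash
#!/bin/bash
# Count passwd entries whose UID field (third field) is exactly 0
root_count=$(cut -f3 -d":" /etc/passwd | grep -wc 0)
# (( )) compares numerically; > inside [[ ]] compares as strings
if (( root_count > 1 )); then
  # Collect the names of all UID 0 accounts on one line
  users=$(awk -F: '($3 == 0) { print $1 }' /etc/passwd | xargs)
  echo "Duplicate roots: ${users}"
fi
```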
codeforester

You can use awk to find that out:

```bash
# awk exits 0 when fewer than two entries have UID 0, and 1 otherwise
if ! awk -F: '$3==0{c++}END{exit !(c<2)}' /etc/passwd ; then
    echo "More than one user with uid 0"
fi
```
hek2mgl
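
An added example, not code from either answer: a POSIX shell function that prints the report format shown under "Expected Output" in the question. The names `uid0_entries` and `audit_root_uid` are assumptions, and the check goes slightly beyond the answers by skipping comment lines, matching a UID written as `00`, and flagging the cases where no UID 0 account exists or the only one is not named root.

```sh
#!/bin/sh
# Added example. uid0_entries and audit_root_uid are illustrative names.

# Print every passwd entry whose UID field is numerically 0.
# Lines starting with '#' are skipped, and the field is compared as a
# number, so an entry written with UID "00" is reported as well.
uid0_entries() {
  awk -F: '/^[ \t]*#/ { next }
           $3 ~ /^[0-9]+$/ && $3 + 0 == 0' "${1:-/etc/passwd}"
}

# Print the report from the question's "Expected Output".
# Exit status: 0 = exactly one UID 0 account and it is named root,
#              1 = criterion violated, 2 = file not readable.
# The body is a subshell ( ... ), so its variables do not leak out.
audit_root_uid() (
  file=${1:-/etc/passwd}
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }

  entries=$(uid0_entries "$file")
  count=$(printf '%s\n' "$entries" | awk 'NF { n++ } END { print n + 0 }')
  names=$(printf '%s\n' "$entries" | cut -d: -f1 | xargs)

  vulnerable=Yes
  if [ "$count" -eq 1 ] && [ "$names" = root ]; then
    vulnerable=No
  fi

  echo "Audit criteria: There is only one root id"
  echo "Vulnerability: $vulnerable"
  echo "Details: See below"
  if [ -n "$entries" ]; then
    printf '%s\n' "$entries"
  else
    echo "(no UID 0 entry found)"
  fi
  [ "$vulnerable" = No ]
)
```

Call it as `audit_root_uid /etc/passwd` and use the exit status in a cron job or compliance check.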