0

How do I edit my script so that it checks that there is only one root ID?

Expected Output

Audit criteria: There is only one root id

Vulnerability: Yes

Details: See below


root:!:0:0::/:/usr/bin/bash

jdoe:*:0:1:John Doe:/home/jdoe:/usr/bin/bash

The Script

#!/bin/bash

isVulnerable="No"
isVulnerable="Yes"    

cat /etc/passwd | cut -f3 -d":" | sort -n | /usr/bin/uniq -c | while read x ;            
do 
   [ -z "${x}" ] && break
   set - $x

if [ "$1" -gt 1 ]; then
    users=`/bin/gawk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | /usr/bin/xargs`

echo "Audit Criteria: Duplicate UID ($2): ${users}"
echo "Vulnerability: ${isVulnerable}"
echo "Details: see below"
echo
grep "x:0:" /etc/passwd

else

echo "All user id are unique"
fi

done
Ruslan Osmanov
S.Smith

2 Answers

1

It is quite convenient to collect the rows with duplicate fields using AWK:

get_dups() {
  awk -F':' '$3 == 0 { if (dup++) print } END { exit(dup > 1) }' /etc/passwd
}

If there are multiple zero user IDs in the /etc/passwd file, the function exits with a non-zero status and prints the lines having duplicate root user IDs to the standard output. Otherwise, the exit status is zero.

Usage:

dups="$(get_dups)"
if [ $? -eq 0 ]; then
  vulnerability='No'
  msg='There is only one root ID'
else
  vulnerability='Yes'
  msg='There are multiple root IDs'
fi
printf '%15s: %s\n' 'Audit criteria' "$msg"
printf '%15s: %s\n' 'Vulnerability' "$vulnerability"

[ -z "$dups" ] && dups='All user IDs are unique'
printf '\n%s\n' "$dups"
Ruslan Osmanov
0

You can do this:

ROOT_COUNT=$(cut -f3 -d":" </etc/passwd | grep -c ^0$)

Then, if ROOT_COUNT contains something higher than 1, you have multiple users with UID 0.

Fred
  • or `grep -c` instead of `wc -l`. Or you could replace the entire pipeline with a tiny awk script. – ghoti Jan 23 '17 at 03:48
  • @ghoti I updated my answer, never noticed this grep option before. Thanks! – Fred Jan 23 '17 at 03:52
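
Both answers above come down to counting the /etc/passwd entries whose third field is 0. The script below is an added example, not code from either answer: it prints the report in the format the question asks for and goes a little further by skipping commented-out lines, treating a UID written as `00` as 0, and reporting a file with no UID 0 entry separately. The function names, the exit codes and the sample file are constructed for illustration, and the `00` handling assumes the system parses the UID field as a decimal number.

```bash
#!/bin/bash
# Added example: audit a passwd-format file for more than one UID 0 entry.

# Print every entry whose third field (UID) is 0. Comment lines are skipped,
# and a UID written with leading zeros ("00") is treated as 0 (assumption:
# the system parses the field as a decimal number).
uid0_entries() {
  awk -F: '/^#/ { next } $3 ~ /^0+$/ { print }' "$1"
}

# Print the report in the question's format.
# Returns 0: exactly one UID 0 entry, 1: more than one, 2: none or unreadable.
audit_root_ids() {
  local file="${1:-/etc/passwd}" entries count vulnerable rc
  [ -r "$file" ] || { echo "Cannot read $file" >&2; return 2; }
  entries="$(uid0_entries "$file")"
  count="$(printf '%s\n' "$entries" | awk 'NF { n++ } END { print n + 0 }')"
  case "$count" in
    0) vulnerable="Unknown (no UID 0 entry found)"; rc=2 ;;
    1) vulnerable="No"; rc=0 ;;
    *) vulnerable="Yes"; rc=1 ;;
  esac
  echo "Audit criteria: There is only one root id"
  echo "Vulnerability: ${vulnerable}"
  echo "Details: See below"
  echo
  printf '%s\n' "${entries:-No entry with UID 0 in $file}"
  return "$rc"
}

# Constructed sample: the two lines from the question plus edge cases.
make_sample() {
  cat <<'EOF'
root:!:0:0::/:/usr/bin/bash
jdoe:*:0:1:John Doe:/home/jdoe:/usr/bin/bash
#old:*:0:0:commented out:/:/bin/false
svc:*:00:5:leading zeros:/:/bin/false
daemon:!:10:1::/etc:
+::::::
EOF
}

sample="$(mktemp)"
make_sample > "$sample"
audit_root_ids "$sample" || echo "(exit status $?)"
rm -f "$sample"
```

Calling `audit_root_ids` with no argument audits /etc/passwd itself.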