listing all user accounts that exist on dapper server
Alan Mckinnon
alan at linuxholdings.co.za
Thu Aug 24 14:46:21 UTC 2006
On Thu, 2006-08-24 at 09:00 -0500, Oscar Veloz wrote:
> How do I list all user accounts that exist on a dapper server, and what
> steps or what checklist do I use to check the security of a dapper
> server from a rogue admin that has left. The obvious is ssh and telnet
> access, but what other vulnerabilities might exist?
To find the local accounts, examine /etc/passwd
To find network accounts, you'll have to examine whatever server is
serving the accounts - nis, ldap, AD, whatever.
Next step is to see what "netstat -atnup" shows to find the open ports.
Run nmap on the servers from trusted clients to cross-check what netstat
shows.
Check the configs of these running services to see who/what is allowed
to connect and when. Check the firewall rules with iptables -L and make
sure the rules all make sense.
You can also reboot the machine and redo those steps to see what is
configured to start (the rogue might have set something up to start, and
switched it off before he left, hoping you'd reboot and not check
further)
Finally, change the root password right now if you haven't already
alan
More information about the ubuntu-users
mailing list