1. Home
  2. Linux systems
  3. Linux security

Recipe 9.4 Finding Superuser Accounts

9.4.1 Problem

You want to list all accounts with superuser access.

9.4.2 Solution

$ awk -F: '$3 == 0 { print $1, "is a superuser!" }' /etc/passwd

9.4.3 Discussion

A superuser, by definition, has a numerical user ID of zero. Be sure your system has only one superuser account: root. Multiple superuser accounts are a very bad idea because they are harder to control and track. (See Chapter 5 for better ways to share root privileges.)

Numerical user IDs are stored in the third field of each entry in the passwd database. The username is stored in the first field. Fields are separated by colons.

9.4.4 See Also

passwd(5).



    		Preface
    		Chapter 1. System Snapshots with Tripwire
    		Chapter 2. Firewalls with iptables and ipchains
    		Chapter 3. Network Access Control
    		Chapter 4. Authentication Techniques and Infrastructures
    		Chapter 5. Authorization Controls
    		Chapter 6. Protecting Outgoing Network Connections
    		Chapter 7. Protecting Files
    		Chapter 8. Protecting Email
    		Chapter 9. Testing and Monitoring
    		Recipe 9.1 Testing Login Passwords (John the Ripper)
    		Recipe 9.2 Testing Login Passwords (CrackLib)
    		Recipe 9.3 Finding Accounts with No Password
    		Recipe 9.4 Finding Superuser Accounts
    		Recipe 9.5 Checking for Suspicious Account Use
    		Recipe 9.6 Checking for Suspicious Account Use, Multiple Systems
    		Recipe 9.7 Testing Your Search Path
    		Recipe 9.8 Searching Filesystems Effectively
    		Recipe 9.9 Finding setuid (or setgid) Programs
    		Recipe 9.10 Securing Device Special Files
    		Recipe 9.11 Finding Writable Files
    		Recipe 9.12 Looking for Rootkits
    		Recipe 9.13 Testing for Open Ports
    		Recipe 9.14 Examining Local Network Activities
    		Recipe 9.15 Tracing Processes
    		Recipe 9.16 Observing Network Traffic
    		Recipe 9.17 Observing Network Traffic (GUI)
    		Recipe 9.18 Searching for Strings in Network Traffic
    		Recipe 9.19 Detecting Insecure Network Protocols
    		Recipe 9.20 Getting Started with Snort
    		Recipe 9.21 Packet Sniffing with Snort
    		Recipe 9.22 Detecting Intrusions with Snort
    		Recipe 9.23 Decoding Snort Alert Messages
    		Recipe 9.24 Logging with Snort
    		Recipe 9.25 Partitioning Snort Logs Into Separate Files
    		Recipe 9.26 Upgrading and Tuning Snort's Ruleset
    		Recipe 9.27 Directing System Messages to Log Files (syslog)
    		Recipe 9.28 Testing a syslog Configuration
    		Recipe 9.29 Logging Remotely
    		Recipe 9.30 Rotating Log Files
    		Recipe 9.31 Sending Messages to the System Logger
    		Recipe 9.32 Writing Log Entries via Shell Scripts
    		Recipe 9.33 Writing Log Entries via Perl
    		Recipe 9.34 Writing Log Entries via C
    		Recipe 9.35 Combining Log Files
    		Recipe 9.36 Summarizing Your Logs with logwatch
    		Recipe 9.37 Defining a logwatch Filter
    		Recipe 9.38 Monitoring All Executed Commands
    		Recipe 9.39 Displaying All Executed Commands
    		Recipe 9.40 Parsing the Process Accounting Log
    		Recipe 9.41 Recovering from a Hack
    		Recipe 9.42 Filing an Incident Report
    		Colophon