use strict;
use warnings;
# $user, $passwd, $uid, $gid, $gecos, $homedir, $shell
my ($sysShells, $badShells, $passwds, $uid, $gid, $wheel, $ssh);
$sysShells = "\nUSER:PASSWD:USERID:GROUPID:GECOS:HOMEDIR:SHELL";
$badShells = "\nBAD SHELLS \n(except for root, system user shells shou
+ld be /sbin/nologin)\nuser|uid|shell";
$passwds = "\nCLEAR or EMPTY PASSWORDS\n(password field not set to x,
+should see no output)";
$uid = "\nUSERS with UID of ZERO \n(should only be root)\nuser|uid|gid
+|shell";
$gid = "\nUSERS with GID of ZERO \n(should be root plus all members of
+ root group)\nuser|uid|gid|shell";
$wheel = "\nUsers in WHEEL GROUP:\n";
$ssh = "\nSSH CONFIG (selected options)\n";
# copy the password file
my $passwdFile = 't_e_s_t_passwd';
my $copy = `cp -pf /etc/passwd $passwdFile`;
unless(open(READFILE, "<$passwdFile"))
{
print "Error opening file $passwdFile\n";
die;
}
my @userIDsShells = <READFILE>;
close(READFILE);
# delete the copy of password file
my $remove = `rm -f $passwdFile`;
my $run = 1;
while($run)
{
print "\nPlease enter a selection from the list below:\n";
print "users : all users, paswords, user IDs, group IDs, co
+mments, home directory, and shells.\n";
print "passwds : all users with Empty passwords, enter passwd
+s.\n";
print "uid : all users with UID 0 (root access).\n";
print "gid : all users with GID 0 (root access).\n";
print "shells : system users, who do not have \/sbin\/nologi
+n as their shell.\n";
print "wheel : users in wheel group.\n";
print "sshd : selected sshd_config options.\n";
print "exit : to exit.\n";
print "\n*********************************************************
+**********************\n";
chomp(my $choice = <STDIN>);
if($choice eq 'users') { showUsers($sysShells, @userIDs
+Shells);}
elsif($choice eq 'passwds') { showEmptyPasswds($passwds, @us
+erIDsShells);}
elsif ($choice eq 'uid') { showUsersWithUIDofZero($uid, @
+userIDsShells);}
elsif ($choice eq 'gid') { showUsersWithGIDofZero($gid, @
+userIDsShells);}
elsif($choice eq 'shells') { showSystemUsersWithBadShells($
+badShells, @userIDsShells);}
elsif($choice eq 'wheel') { limitSUcmdToWheel($wheel);}
elsif($choice eq 'sshd') { selectedSSH_ConfigOptions($ss
+h);}
elsif ($choice eq 'exit') { print "Goodbye!!!\n"; $run=0;}
else { print "Bad choice. Try again.
+\n"; message();}
}
######################################################################
+##################################
sub showUsers
{
my $header = shift;
my @array = @_;
print "\n*********************************************************
+**********************\n";
print "$header\n\n";
for(my $index=0; $index<@array; $index++)
{
print "$array[$index]\n";
}
print "\n*********************************************************
+**********************\n";
return;
}
sub showEmptyPasswds
{
my $header = shift;
my @array = @_;
print "\n*********************************************************
+**********************\n";
print "$header\n\n";
if(@array == 0)
{
print "NONE\n";
}
else
{
for(my $index=0; $index<@array; $index++)
{
chomp($array[$index]);
my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) =
+ split/:/, $array[$index];
if($passwd ne 'x')
{
print "$user|$passwd\n";
}
}
}
print "\n*********************************************************
+**********************\n";
return;
}
sub showUsersWithUIDofZero
{
my $header = shift;
my @array = @_;
my $nologin = '/sbin/nologin';
print "\n*********************************************************
+**********************\n";
print "$header\n\n";
if(@array == 0)
{
print "NONE\n";
}
else
{
for(my $index=0; $index<@array; $index++)
{
chomp($array[$index]);
my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) =
+ split/:/, $array[$index];
if($uid == 0)
{
print "$user|$uid|$gid|$shell\n";
}
}
}
print "\n*********************************************************
+**********************\n";
return;
}
sub showUsersWithGIDofZero
{
my $header = shift;
my @array = @_;
my $nologin = '/sbin/nologin';
print "\n*********************************************************
+**********************\n";
print "$header\n\n";
if(@array == 0)
{
print "NONE\n";
}
else
{
for(my $index=0; $index<@array; $index++)
{
chomp($array[$index]);
my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) =
+ split/:/, $array[$index];
if($gid == 0)
{
print "$user|$uid|$gid|$shell\n";
}
}
}
print "\n*********************************************************
+**********************\n";
return;
}
sub showSystemUsersWithBadShells
{
my $header = shift;
my @array = @_;
my $nologin = '/sbin/nologin';
print "\n*********************************************************
+**********************\n";
print "$header\n\n";
if(@array == 0)
{
print "NONE\n";
}
else
{
for(my $index=0; $index<@array; $index++)
{
chomp($array[$index]);
my ($user, $passwd, $uid, $gid, $gecos, $homedir, $shell) =
+ split/:/, $array[$index];
#print "\n\n$array[$index]\n";
#print "**shell=$shell*** ***nologin=$nologin***\n";
if($uid < 500 && $shell ne $nologin)
{
print "$user|$uid|$shell\n";
}
}
}
print "\n*********************************************************
+**********************\n";
return;
}
sub limitSUcmdToWheel
{
my $header = shift;
my $wheel = `grep -i wheel /etc/group`;
my $suConfig = `grep -i pam /etc/pam.d/su`;
print "\n*********************************************************
+**********************\n";
print "$header";
print "$wheel\n";
print "(\/etc\/pam.d\/su: auth required \/lib\/security\/pam_whee
+l.so use_id)\n";
print "$suConfig\n";
print "\n*********************************************************
+**********************\n";
return;
}
sub selectedSSH_ConfigOptions
{
my $header = shift;
my $allowedUsers = `grep -i allowusers /etc/ssh/sshd_config`;
my $permitRootLogin = `grep -i permitrootlogin /etc/ssh/sshd_confi
+g`;
my $permitEmptyPasswords = `grep -i permitemptypasswords /etc/ssh/
+sshd_config`;
my $protocol = `grep Protocol /etc/ssh/sshd_config`;
my $ignore = `grep -i ignorerhosts /etc/ssh/sshd_config`;
my $client = `grep -i client /etc/ssh/sshd_config`;
print "\n*********************************************************
+**********************\n";
print "$header\n";
print "$allowedUsers\n";
print "$permitRootLogin\n";
print "$permitEmptyPasswords\n";
print "$protocol\n";
print "$ignore\n";
print "$client\n";
print "$allowedUsers\n";
print "\n*********************************************************
+**********************\n";
return;
}
sub message
{
print "\n\nPress enter to continue.\n";
<STDIN>;
}
|