Sysadmin/password security

From Earlham CS Department
Jump to navigation Jump to search

Password Security Tools

Here are some utilities for cleaning up accounts with weak passwords. They are located at sysadmin@home.cs.earlham.edu:~/hardshell

The workflow is as follows

$ ./get_users.sh > users.txt
$ nohup ./check_users.sh &  # this may take a few minutes

$ ./bad_eggs.sh nohup.out   # send mail to vulnerable <user>@earlham.edu
                            # and output them to stdout

There is also a check_and_change.sh script that if given a list of users, it will try to login using the default passwords and if successful, it will generate a random one and change it immediately.