Difference between revisions of "Sysadmin/password security"

From Earlham CS Department
Jump to navigation Jump to search
(Password Security Tools)
 
Line 12: Line 12:
 
                             # and output them to stdout
 
                             # and output them to stdout
 
</pre>
 
</pre>
 +
 +
There is also a <code>check_and_change.sh</code> script that if given a list of users, it will try to login using the default passwords and if successful, it will generate a random one and change it immediately.

Latest revision as of 10:57, 19 April 2018

Password Security Tools

Here are some utilities for cleaning up accounts with weak passwords. They are located at sysadmin@home.cs.earlham.edu:~/hardshell

The workflow is as follows

$ ./get_users.sh > users.txt
$ nohup ./check_users.sh &  # this may take a few minutes

$ ./bad_eggs.sh nohup.out   # send mail to vulnerable <user>@earlham.edu
                            # and output them to stdout

There is also a check_and_change.sh script that if given a list of users, it will try to login using the default passwords and if successful, it will generate a random one and change it immediately.