[Tiger-devel] [PATCH] Overhaul of the check_accounts module (1 of 3 module overhauls)

[Ryan Bradetich]

Hello all,

Here is the first example patch of for the check_accounts script.  Since
the changes involved a fairly major overhaul of the script I am
including both the patch and the final module for review.

I am very interested any feedback on this patch direction.  Also,
barring any additional computer problems, I will be working on the
check_password portion of this patch today.  

This patch has been tested on RedHat, Debian, HP-UX 11.11, HP-UX 11.00,
and HP-UX 10.20.  

Thanks,

- Ryan

P.S. sorry for the size of this email.  Should I be using and linking
to the patch tool provided by savannah?


This patch does the following:

  * Fixed the join statement to properly handle empty fields for
check_user.
  * Fixed the home directory permission check.
  * Simplified the parent directory check.
  * Removed the "root" requirement for checking the shell initilizaion
files.
  * Added .bashrc and .kshrc to the default list of .dotfiles.
  * Removed the following checks (Duplicates will be merged, the
remaining checks will be relocated to a more appropriate module:
check_passwd or check_passwdformate.)

    - Login ID is disabled, but still has a valid shell (acc001w)
    - Login does not have a valid shell (acc020w)
    - UID has / for home directory (acco14f)
    - comments in the password field (acc013w -> but currently not used)
    - empty password check (acc010a, acc011w)
    - Login ID is UID-0 (acc012w)
    - duplicate home directory check (acc015w)
    - Administrative Login ID should have impossible password (add018w)
    - Password aging check (acc016w)
    - Mis-match between users in /etc/passwd and /etc/shadow (acc017w)

check_accounts.patch
Description: Text Data

check_accounts
Description: Text Data