Best practice: /etc/shadow, /etc/sudoers

  • frlan
    Junior Member
    • May 2012
    • 18

    #1

    Best practice: /etc/shadow, /etc/sudoers

    Hi folks,

    What do you think is best practice to have files like /etc/shadow, which are only readable by root for good reasons, also being checked against changes?
  • PhilSynek
    Junior Member
    • May 2012
    • 13

    #2
    I know this thread is old, but I will answer this question for everybody who has the same problem.

    If it doesn't violate your security policy, you can simply add the user zabbix to the group shadow:

    Code:
    # -a appends; without it, -G replaces all of zabbix's existing supplementary groups
    usermod -a -G shadow zabbix
    The user zabbix will then have read permission for /etc/shadow

    Greetings,
    Phil


    • Darius256
      Junior Member
      • May 2021
      • 1

      #3
      Hi there. You can do this with a workaround: manually or through crontab as a privileged user, save the hash of /etc/shadow in a text document, and check whether that file has changed.

      Bash, for example (it worked):
      Code:
      sha256sum /etc/shadow > /your/path/hashfile
      chown zabbix:zabbix /your/path/hashfile && chmod 400 /your/path/hashfile

      Then create an item:
      Code:
      vfs.file.cksum[/your/path/hashfile]
      (change "/your/path/hashfile" to the path to your hashfile)


      And trigger:
      Code:
      {yourtemp:vfs.file.cksum[/path/hashcheck].diff()}>0
      (change "yourtemp" - your template/host name and "/path/hashcheck" - your path to hash file)
      Last edited by Darius256; 08-07-2021, 15:23.
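
The hash-file workaround from post #3, as an added example that is not code from any poster in this thread: a helper for root's crontab that covers both files named in the thread title and replaces the hash file by rename, so the agent never checksums a half-written file. The names `write_hash`, `HASH_DIR`, the `--run` switch and the `/var/lib/zabbix-hashes` directory are assumptions.

```shell
#!/bin/sh
# Added example: publish SHA-256 digests of root-only files so the Zabbix
# agent can checksum the digest file (vfs.file.cksum) without being able
# to read /etc/shadow or /etc/sudoers itself.

# write_hash SRC DEST [OWNER]
# Writes the sha256sum line for SRC to DEST through a temp file + rename.
# A plain "sha256sum SRC > DEST" truncates DEST first; an agent poll at
# that moment would see an empty file and raise a false "changed" event.
write_hash() {
    wh_src=$1; wh_dest=$2; wh_owner=${3:-}
    [ -r "$wh_src" ] || { echo "cannot read $wh_src" >&2; return 1; }
    wh_tmp=$(mktemp "${wh_dest}.XXXXXX") || return 1
    if ! sha256sum "$wh_src" > "$wh_tmp"; then
        rm -f "$wh_tmp"; return 1
    fi
    chmod 400 "$wh_tmp"
    # Ownership can only be handed over when running as root.
    if [ -n "$wh_owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$wh_owner" "$wh_tmp" || { rm -f "$wh_tmp"; return 1; }
    fi
    # rename() is atomic within one filesystem; -f skips the prompt that
    # mv would otherwise show for a read-only destination.
    mv -f "$wh_tmp" "$wh_dest"
}

# Cron entry point (assumed invocation: "script --run" from root's crontab).
if [ "${1:-}" = "--run" ]; then
    HASH_DIR=${HASH_DIR:-/var/lib/zabbix-hashes}   # assumed location
    for f in /etc/shadow /etc/sudoers; do
        write_hash "$f" "$HASH_DIR/$(basename "$f").sha256" zabbix:zabbix
    done
fi
```

Each resulting `.sha256` file gets its own `vfs.file.cksum[...]` item and `diff()` trigger as in post #3; the digest file only changes content when the monitored file does, so rerunning the job does not fire the trigger.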
