Security Basics mailing list archives

Re: Monitoring the change of password in Unix

From: ArcSighter Elite <arcsighter () gmail com>
Date: Mon, 26 Jan 2009 10:53:19 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gustavo Castro wrote:

Wilson:

  You may want to monitor the /etc/passwd file, not the use of the
"command" passwd... Use tripwire, or something like it.

2009/1/21  <wilson () email chop edu>:

Is there a way in Unix, without extra software, to monitor the use of the "passwrd" command to reset the password?  
Perferably something that sent the event to Syslog.

I agree. Use some HIDS-like software such as tripwire or aide. You could
 also get the benefits of enabling accounting services, and hardening
PAM a little more.

Sincerely.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkl93GYACgkQH+KgkfcIQ8fFyQCff8JpaPySHGFP8ThOFGzyBVMj
VGQAoJT9DYTX44gTH6fl7HCHfqxt4kOc
=Hq5H
-----END PGP SIGNATURE-----

Current thread:

Monitoring the change of password in Unix wilson (Jan 21)
- Re: Monitoring the change of password in Unix Klaus Zing (Jan 21)
- Message not available
  - Re: Monitoring the change of password in Unix Tom Ritter (Jan 21)
- Re: Monitoring the change of password in Unix Gustavo Castro (Jan 21)
  - Re: Monitoring the change of password in Unix ArcSighter Elite (Jan 27)
- Re: Monitoring the change of password in Unix Gustavo Castro (Jan 21)
- Re: Monitoring the change of password in Unix Preston Connors (Jan 21)
- Re: Monitoring the change of password in Unix Eitan Adler (Jan 21)
- Re: Monitoring the change of password in Unix Giuseppe Fuggiano (Jan 21)
- RE: Monitoring the change of password in Unix Jason Mitchell (Jan 21)
  - Re: Monitoring the change of password in Unix asai ajith (Jan 23)