Security Basics: Re: Monitoring the change of password in Unix

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Monitoring the change of password in Unix

From: ArcSighter Elite <arcsighter () gmail com>
Date: Mon, 26 Jan 2009 10:53:19 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gustavo Castro wrote:

Wilson:

  You may want to monitor the /etc/passwd file, not the use of the
"command" passwd... Use tripwire, or something like it.

2009/1/21  <wilson () email chop edu>:

Is there a way in Unix, without extra software, to monitor the use of the "passwrd" command to reset the password?  
Perferably something that sent the event to Syslog.

I agree. Use some HIDS-like software such as tripwire or aide. You could
 also get the benefits of enabling accounting services, and hardening
PAM a little more.

Sincerely.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkl93GYACgkQH+KgkfcIQ8fFyQCff8JpaPySHGFP8ThOFGzyBVMj
VGQAoJT9DYTX44gTH6fl7HCHfqxt4kOc
=Hq5H
-----END PGP SIGNATURE-----

By Date By Thread

Current thread:

Monitoring the change of password in Unix wilson (Jan 21)
- Re: Monitoring the change of password in Unix Klaus Zing (Jan 21)
- Message not available
  - Re: Monitoring the change of password in Unix Tom Ritter (Jan 21)
- Re: Monitoring the change of password in Unix Gustavo Castro (Jan 21)
  - Re: Monitoring the change of password in Unix ArcSighter Elite (Jan 27)
- Re: Monitoring the change of password in Unix Gustavo Castro (Jan 21)
- Re: Monitoring the change of password in Unix Preston Connors (Jan 21)
- Re: Monitoring the change of password in Unix Eitan Adler (Jan 21)
- Re: Monitoring the change of password in Unix Giuseppe Fuggiano (Jan 21)
- RE: Monitoring the change of password in Unix Jason Mitchell (Jan 21)