Question

I’m performing a security audit on a Linux system and one of the tasks is to enumerate all users and identify any potential issues with user permissions or accounts that may pose a security risk. I know the /etc/passwd file contains user information, but I’m not sure if there are other Bash commands that can help me gather more detailed information, such as user groups, last login times, or password settings.

What Bash commands can I use to efficiently enumerate users and check for weak spots in user account security? Any additional tips on what to look for in user enumeration would also be appreciated.

Answer 1

At the time of a security audit, we can use a combination of Bash commands to enumerate users and gather details about their settings.

1. To list all the users

cat /etc/passwd

2. To check for users with login shells

awk -F':' '$7 ~ /\/bin\/bash/ {print $1}' /etc/passwd

3. To list user groups

cut -d: -f1 /etc/group

4. To show last login of each user

lastlog

5. To check the password policies

sudo cat /etc/shadow

All these files can be inspected while performing a security audit to identify any user accounts with weak or no passwords, interactive users, and misconfigurations.

Comments

Great list of commands! This will be really useful for auditing Linux systems. Thanks for the clear and straightforward explanation!