chkacct

Name:

chkacct

Release Information

Release 1.3 from Shabbir Safdar (freeware)

Download from http://ftp.sunet.se/ftp/pub/security/tools/admin/chkacct/

Functionality

User account security checker

Requirements

All strains of UNIX. Perl not required, but recommended, for .rhosts check

Documentation

man pages available. README file is sufficient for installation

Installation Details

Routine. Some trivial changes required for local systems (reporting email address etc..). reconfig puts things into place.

Evaluation Notes

Step 1 (of 3) dot file check

• Does /bin/ls -gld on dot files, comes up with wrong diagnosis (file owned by X, when X is actually the group that owns it) should do ls -ld and it should be fixed
• A simple way to fix this problem (if it occurs) is to manually edit chkacct after running reconfig. Change the LSOPTS variable (remove g from it). This is a bug in reconfig.
• help does not give any additional answers in this step
• does automatic mode fix problems or not ? YES, unless you specified "harmless" (-n) at startup. Step 2 (of 3) file permissions
• complains about group writable (can be configured to ignore group writable files) Step 3 (of 3) .rhosts
• gives warnings about entries, but not very smartly
• Can be run in interactive mode, can correct problems automatically

Scenarios

Can be run in non-interactive mode in the user startup files. Can be run in either fix mode or diagnostic mode, and output sent to admin.

Conclusion

Not a very powerful tool, but does have the merits of being easy for the user to run, can perform checks on startup, and eliminates some security problems that are common onsite. Does not flood with data.

Recommendation

Further Discussion

This review was written by Jai Sundar Balasubramaniyan <balasujs@cs.purdue.edu> during the summer of 1997. The opinions expressed are for purposes of critical review, and do not represent any official recommendation or endorsement by COAST or Purdue University.