How to Configure a Low Powered Account for User Account Enumeration with Linux/UNIX
Revision 1.2
Date: 03/03/2010
Problem
When using Random Password Manager or Enterprise Random Password Manager to enumerate the user accounts on a Linux or UNIX system, an alt-admin entry must be created. Historically, the account used would have elevated privileges on the Linux/UNIX system. It would be preferable to use a low powered account.
Cause
The use of a privileged account was because of the permissions on the file that is read on the Linux/UNIX system: /etc/passwd. On a default installation this file is world-readable (mode 0644), but hardened builds often remove read access for non-root users; when that is the case an unprivileged account cannot read the file and so cannot enumerate the accounts listed in it.
Resolution
To use a low powered account to read the /etc/passwd file, that account must be granted permission to do so. This can be done with chmod or, if the system supports POSIX ACLs, with setfacl.
The following chmod command will let everyone read the passwd file. On hosts that use a shadow file (the norm today) this exposes only account metadata, because the password hashes live in /etc/shadow, which stays unreadable. If the system does not use a shadow file (uncommon), the command exposes the password hashes to every user on the host, not just the account names: know your system and use caution.
chmod 604 /etc/passwd
The above command sets the permissions such that any user can read the passwd file and thus determine the list of user accounts on the system. It gives the owner read and write and the world read, while the group gets nothing; in ls -l the mode shows as rw----r--. Mode 644 (rw-r--r--), the conventional default for /etc/passwd, also works and additionally keeps group read.
The more thoughtful way, if the OS supports POSIX ACLs (the acl tools must be installed and the filesystem must have ACL support enabled, which is the default on current ext4 and XFS), is to use the setfacl command:
setfacl -m u:USERNAME_OR_UID:r /etc/passwd
Example: setfacl -m u:BOB:r /etc/passwd
This leaves the original mode intact and adds a named-user ACL entry granting read only (no execute) to the named user or user id. setfacl also recalculates the mask entry to cover the new entry, so ls -l afterwards shows the mask in the group position followed by a + flag. Assuming the file still has its default mode 0644, the resultant permissions look like this (using getfacl):
# getfacl /etc/passwd
getfacl: Removing leading '/' from absolute path names
# file: etc/passwd
# owner: root
# group: root
user::rw-
user:BOB:r--
group::r--
mask::r--
other::r--
In either situation, within E/RPM the low powered account, rather than root, is the one added to the alt-admins list, which is a requirement for account discovery to work on Linux/UNIX systems. Verify the grant before relying on it, for example with su - BOB -c 'cat /etc/passwd', and re-check it (getfacl /etc/passwd) after account-management tools have rewritten the file: the ACL lives on the file's inode, so a tool that replaces /etc/passwd with a new copy rather than editing it in place will not necessarily carry the ACL across.
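The following script is an added example and is not code from the original KB article or from RPM/ERPM. It applies the grant described above to a passwd-format file (a named-user ACL entry first, chmod 644 as the fallback when setfacl is unavailable or the filesystem rejects ACLs) and then enumerates accounts the way a low powered discovery account would. The temporary directory, the sample passwd contents, the numeric UID 1001 standing in for BOB, and the UID 1000 threshold for human accounts are all assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example; not code from the original KB article or from RPM/ERPM.
# Grants one account read access to a passwd-format file the way the
# article describes (named-user ACL first, chmod 644 as the fallback) and
# then enumerates accounts the way a low powered discovery account would.
# The sample file, temp directory and UID threshold below are assumptions.

# List every login name in a passwd-format file, one per line.
# Valid passwd lines have exactly seven colon-separated fields; anything
# else (comments, blank lines, truncated lines) is skipped.
enumerate_accounts() {
    awk -F: 'NF == 7 && $1 !~ /^#/ { print $1 }' "$1"
}

# Restrict the list to accounts that can log in interactively: UID >= 1000
# (the usual first human UID on Debian/RHEL, an assumption here) and a
# shell that is not nologin or false.
enumerate_login_accounts() {
    awk -F: 'NF == 7 && $1 !~ /^#/ && $3 >= 1000 && $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# Succeed when the "other" read bit is set, i.e. what chmod 604 or 644 gives.
# Column 8 of ls -l is the world read bit on both GNU and BSD ls.
is_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Grant read access to one user name or UID. Prefer a named-user ACL entry
# so the base mode stays untouched; fall back to world-read when setfacl is
# missing or the filesystem has no ACL support. Prints "acl" or "mode" to
# report which path was taken.
grant_read() {
    file=$1
    user=$2
    if command -v setfacl >/dev/null 2>&1 && setfacl -m "u:$user:r" "$file" 2>/dev/null; then
        echo acl
    else
        chmod 644 "$file" && echo mode
    fi
}

# Demonstration on a constructed passwd file (not a real system file).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:1002:1002:backup service:/var/lib/backup:/usr/sbin/nologin
alice:x:1003:1003:Alice:/home/alice:/bin/zsh
EOF
    chmod 600 "$tmp/passwd"               # the hardened state the article describes
    how=$(grant_read "$tmp/passwd" 1001)  # 1001 stands in for BOB's UID (assumption)
    echo "access granted via: $how"
    echo "all accounts:";   enumerate_accounts "$tmp/passwd"
    echo "login accounts:"; enumerate_login_accounts "$tmp/passwd"
    getfacl "$tmp/passwd" 2>/dev/null || ls -l "$tmp/passwd"
    rm -rf "$tmp"
}

# Run the demo only when this file is executed under its own name, not when
# it is sourced for its functions.
case "$0" in *passwd_enum.sh) demo ;; esac
```

Save the file as passwd_enum.sh and run it directly to see the demo, or source it and call the functions against a real /etc/passwd as the low powered account (su - BOB -c '. ./passwd_enum.sh; enumerate_accounts /etc/passwd') to confirm the grant actually took effect. On a real host, run grant_read as root against /etc/passwd itself; the fallback to chmod 644 carries the caveat given above for systems without a shadow file.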
Applies To:
Random Password Manager (RPM)
Enterprise Random Password Manager (ERPM)