YASSP
MANUAL PAGE
SECclean YASSP(1)
NAME
SYNOPSIS
/opt/local/sbin/clean_passwd [ -quiet ]
DESCRIPTION
clean_passwd will delete or lock user accounts, and change
the real name of the root account gcos-field.
clean_passwd will first read YASSP configuration file (See
yassp.conf(4)) to initialize variables.
It will then lock the accounts name defined in the ${USER-
DENIED} variable and will replace their shell by ${NOSHELL}.
All account using a UID of 0, and not matching the ${ROOTAL-
LOWED} nawk regexp will be processed the same way.
Accounts name defined in the ${USERSDELETED} will be deleted
from the password file. The account named 'root' is always
excluded from this list.
Last, the real name of the root account (in the gcos field)
is change to {ROOTNAME}
The /etc/passwd and the /etc/shadow files are backed up
under /etc/passwd.Old and /etc/shadow.Old when changes are
made.
SHELLS VARIABLES
USERDENIED It represents a list of account name
separated by a ' ' the clean_passwd script
will lock when run.
Default = 'daemon bin sys adm lp smtp uucp
nuucp listen nobody noaccess nobody4'
ROOTALLOWED Is a nawk regexp that match all account name
with a UID of 0 the clean_passwd script will
accept without locking them.
Default = 'root'
USERSDELETED It represents a list of account name
separated by a ' ' the clean_passwd script
will delete when run. Note that the account
'root' is alway excluded from this list.
Default = ''
ROOTNAME It is a string (or a shell evaluated expres-
sion) use to replace the root real-name in
the gcos-field of the passwd file.
Default = Root at `uname -n`
BUGS
Please send bugs report, suggestions, feedbacks or just
YASSP Last change: Nov 18 2000 1
SECclean YASSP(1)
comments to <chouanard@parc.xerox.com>. Be sure, when
reporting a bug, to indicate your OS (Output of 'uname -a' )
and the version of YASSP you are using (Output of
'pkginfo -l SECclean' ).
FILES
/etc/yassp.conf /etc/passwd /etc/shadow /etc/passwd.Old
/etc/shadow.Old
SEE ALSO
yassp(1), yassp.conf(4)
AUTHORS
Jean Chouanard <chouanard@parc.xerox.com>, the YASSP's team
and the SANS institute (http://www.sans.org)
Information about new releases, mailing lists, and other
related issues can be found from the YASSP WWW home page at
http://www.yassp.org/
YASSP Last change: Nov 18 2000 2
Home
Jean
Chouanard, Xerox PARC