Proof of password changes on IPSO

[twistedmetal]

I am changing the admin passwords on a couple of IPSO boxes.

Mgmt wants "proof" of the password changes.

On SPLAT, in /var/log/messages it shows the commands being executed.

How can I see this on an IPSO box (not showing in /var/log/messages)? Or some other type of proof that the passwords have been changed?

[twistedmetal]

I guess I could just use the history command .. but if anyone has a better method, please let me know.

[MrSnakey]

Hmmmm... I forget now, where are the passwords stored in Voyager?

Standard UNIX? i.e. passwd? If so maybe:

md5sum /etc/passwd
<change password command>
md5sum /etc/passwd

Dear Management,
As you can see the check sum of the file changes after I execute the password command and as such I can be sure that the password change is written to disk.
-----------

Or maybe even give them the password hash... although I don't like that idea one bit.


All this assumes /etc/passwd is where passwords are stored.

Anyone got IPSO in a VM for me and I'll check :)

[BarryStiefel]

Quote:

Originally Posted by twistedmetal

I am changing the admin passwords on a couple of IPSO boxes.

Mgmt wants "proof" of the password changes.

On SPLAT, in /var/log/messages it shows the commands being executed.

How can I see this on an IPSO box (not showing in /var/log/messages)? Or some other type of proof that the passwords have been changed?

How about after you change the passwords, give them the old passwords and let them try to login? Or am I applying logic where it simply isn't welcome?

[demijan]

Quote:

Originally Posted by BarryStiefel

How about after you change the passwords, give them the old passwords and let them try to login? Or am I applying logic where it simply isn't welcome?

LOL... I guess this depends on the size of the company. Our mgmt's doesn't have access to the devices, but the security (compliance) department require "evidences" which takes me more time to collect them, then install and configure new device :-)

[plamy]

Enable "System Configuration Audit Log" which tracks the only supported methods of changing the passwords. The output of the actions will be in /var/log/

-Pierre

[rss8309]

It should indeed show in /var/log/messages

Try the following in the # prompt:

date ; fgrep "User entry created for " /var/log/messages

[jacobsen]

Hi,

here is an other approach:

if you activate the password expiration and set it for lets say to 90 days, you can show your managment that
a) password expiration is set (that makes them feel good) and
b) when the password expires (lets them know when the password was changed)

Quote:

firewall[admin]# clish -c "show password-controls password-expiration"
Password Expiration Lifetime 90
firewall[admin]# awk -F: '$1 ~ /^admin/ { "date -r "$6 | getline ; print "admins password expires on "$0 } ' /var/etc/master.passwd
admins password expires on Thu May 20 13:05:25 CEST 2010

pure pleasure!
J