ComputerSecurityStudent (CSS) [Login] [Join Now]




|UNIX >> Perl Lessons >> Current Page |Views: 5820

(Perl: Lesson 10)

{ Policy Part 3: Parsing /etc/shadow  }


Section 0. Background Information
  1. What is /etc/shadow file?
    • The /etc/shadow file stores actual password in encrypted format for user's account with additional properties related to user password i.e. it stores secure user account information. All fields are separated by a colon (:) symbol. The file contains one entry per line for each user listed in /etc/passwd. Below are the fields that are present in the /etc/shadow file.
    • User name: It is your login name
    • Password: This is your encrypted password. The password should be minimum 6-8 characters long including special characters/digits
    • Last password change: (lastchanged): Days since Jan 1, 1970 that password was last changed Minimum:
    • The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password Maximum:
    • The maximum number of days the password is valid (after that user is forced to change his/her password)
    • Warn: The number of days before password is to expire that user is warned that his/her password must be changed
    • Inactive: The number of days after password expires that account is disabled
    • Expire: days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.
  1. Getting Perl
    • For the purposes of these perl lesson, I will be using a perl package that comes standard on Backtrack, Ubuntu and most flavors of Linux and Unix.
    • However, if you are using Windows, instead of a Linux, Unix or MAC operating system, you still have options.
  2. Pre-Requisite
  3. Lab Notes
    • In this lab we will do the following:
      1. We will download a basic perl program that parses out each element of the /etc/shadow file
      2. The program will provide extraction examples using split.

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

Section 1. Login to BackTrack
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on on the BackTrack5R1 VM
      3. Click on the Open Button

     

  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings

     

  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine

     

  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  8. Bring up the GNOME
    • Instructions:
      1. Type startx

 

Section 2. Bring up a console terminal
  1. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.111.
      • In your case, it will probably be different.

 

Section 3. Download scan_shadow.pl
  1. Become the student user and make a directory
    • Instructions:
      1. cd /home/student
      2. mkdir -p perl_lessons/
      3. cd perl_lessons/

     

  2. Download scan_shadow.pl
    • Instructions:
      1. wget http://www.computersecuritystudent.com/UNIX/PERL/lesson10/scan_shadow.pl.TXT
      2. mv scan_shadow.pl.TXT scan_shadow.pl
      3. chmod 700 scan_shadow.pl
      4. perl -c scan_shadow.pl
      5. ./scan_shadow.pl
      6. ls -l POLICY-A03.txt

     

Section 4. Analyze The Code
  1. SheBang Directive
    • Instructions:
      1. vi scan_shadow.pl
      2. :set nu
      3. Press the <Enter> key
    • Note(FYI):
      • Line 1: #!/usr/bin/perl
        • #! - is called the SheBang Directive.  SheBang is an interpreter directive that tells Linux to load the following program.
        • /usr/bin/perl - is the Perl Interpreter.  SheBang tells the program loader to run the Perl Interpreter.
      • Line 4: chomp(my $PRINT = $ARGV[0]);
        • $ARGV is a special perl array to receive command line arguments.
        • $PRINT will be used to tell the program to output data to the screen.
      • Line 7:  my $dir = "/home/student/perl_lessons";
        • Set the $dir variable to the directory location of the program.
      • Line 10: $log = "$dir/POLICY-A03.txt";
        • Set the $log variable to the output file name.
      • Line 12: open(LOG,">$log") || die "Cannot Open Filename: $!";
        • Open the log file POLICY-A02.txt.  LOG is the filehandle name. The greater than operator (>) mean to write to output.
      • Line 15: chomp($EPOCH_SECONDS = `date +%s`);
        • Determine Today's EPOCH in seconds Jan 1, 1970.
      • Line 18: $EPOCH_DAYS = sprintf("%.0f",$EPOCH_SECONDS/86400);
        • Determine Today's EPOCH in days since Jan 1, 1970.  EPOCH Seconds is converted to days, since there are 86400 seconds in one day.  Perl's sprintf utility allow you to format a decimal point.
      • Line 21: &scan_shadow;
        • Execute the subroutine scan_shadow.
      • Line 23: close(LOG);
        • Close the filehandle LOG, which is log file POLICY-A02.txt.

     

  2. Explaining Lines 25 through 38
    • Instructions:
      1. Arrow down to line 25
    • Note(FYI):
      • Line 25 through 38: sub print_it
        • This subroutine has two actions: (1) Print to Output (line 37), and (2) Print to Screen (Lines 31 to 34).
      • Line 28: chomp(my $tmp = $_[0]);
        • Assign variable $tmp to first parameter.
      • Line 31 - 34: if($PRINT eq "-v")
        • If $PRINT is equal to -v, then print output to screen.
      • Line 37: print LOG "$tmp\n";
        • Print output to the filehandle LOG, which means print to the output file POLICY-A03.txt.

     

  3. Explaining Lines 40 through 43
    • Instructions:
      1. Arrow down to line 40
    • Note(FYI):
      • Line 40: sub scan_shadow
        • The scan_shadow subroutine scans the /etc/shadow file.
      • Line 43: my @CONTENTS = `cat /etc/shadow`;
        • This cats the contents of the /etc/shadow file into an array.

     

  4. Explaining Lines 45 through 49
    • Instructions:
      1. Arrow down to line 45
    • Note(FYI):
      • Line 45: foreach my $line (@CONTENTS)
        • This is a foreach loop.  We will go through the array @CONTENTS line by line.  Remember the @CONTENTS array contains the /etc/login.defs file.
      • Line 47: chomp($line);
        • Perl has a built in function called chomp that removes any end of line characters.
      • Line 49: ($username,$password,$lastchange,$minimum,$maximum,$warn,$inactive,$expire) = split(/:/,$line);
        • Perl's split is used to extract each element between the colon(:) delimiter from the /etc/shadow file.

     

  5. Explaining Lines 55 through 62
    • Instructions:
      1. Arrow down to line 55
    • Note(FYI):
      • Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits
      • Line 55: if($password ne "")
        • If password is not blank, then Password Set Correctly.
      • Line 59: else
        • If password is blank, then print a violation.

     

  6. Explaining Lines 68 through 78
    • Instructions:
      1. Arrow down to line 68
    • Note(FYI):
      • Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
      • Line 68: my $LCDAYS = ($EPOCH_DAYS - $lastchange);
        • Subtract password's last epoch change day from today's epoch day number.
      • Line 71-74: if($LCDAYS <= 90)
        • If $LCDAYS is less than or equal to 90 days, then the password change date is within range.
      • Line 75-78: else
        • If $LCDAYS is great than 90 days, then print a violation

     

  7. Explaining Lines 84 through 98
    • Instructions:
      1. Arrow down to line 84
    • Note(FYI):
      • Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
      • Line 84: if($minimum > 0)
        • If the minimum number of days before a password can be changed is greater than 0, then setting is within range.
      • Line 88: else
        • If the minimum number of day is less than or equal to 0, then print violation..
      • Line 97: }
        • End of foreach loop.
      • Line 98: }
        • End of subroutine.

     

  8. Save and Quit
    • Instructions:
      1. Press the <Esc> key
      2. :q!
      3. Press the <Enter> key

 

Section 5. Proof of Lab
  1. Project
    • Instructions:
      1. cp scan_shadow.pl scan_shadow.BKP
      2. Your project is to write an if-clause that interrogate the $maximum variable to see the number of days is less than or equal to 90 days.
      3. vi scan_shadow.pl
      4. After the line that contains "#Project Work Starts Here", place the below code.
        • 
          #Maximum: The maximum number of days the password is valid (after that user is 
          #forced to change his/her password)
          
          #If the maximum number of days is greater 90 days, then print violation
          
          if($maximum <= 90)
          {
          	&print_it("[3.4] Username: $username, [Passed]: Maximum Days ($maximum) Within Range");
          }
          else
          {
          	&print_it("[3.4] Username: $username, [Violation]: Maximum Days ($maximum) Outside of Range");
          }
      5. Press <Esc>
      6. :wq!

       

  2. Proof of Lab
    • Instructions
      1. chmod 700 scan_shadow.pl
      2. perl -c scan_shadow.pl
      3. ./scan_shadow.pl -v | grep Violation | wc -l
        • "l" as in lima.
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof Of Lab Instructions:
      1. Press the <Ctrl><Alt> keys simultaneously
      2. Press the <PrtScn> key
      3. Paste into a word document
      4. Upload to Moodle
     


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth