Quote:
Originally Posted by nravirao
I want to know the answers to the questions below.
=============
[root@prod01 ~]# cat /etc/shadow
root:$1$5f4dcc3b5aa765d61d8327deb882cf99:15651:0:99999:7:::
what are the 3 risk’s observed with the above output, details about the risk, and what would the remediation
steps be.
There are distros that don't give root a password at all (Ubuntu, I am looking at you!) and rely on correctly configured sudo to perform system administration tasks. Other distros don't bother; I guess it's a matter of philosophy and opinion.
The password seems to be a bit short, to be honest. I have a default CentOS 8 and a default Debian 10 installation here, where it is about three times as long.
I don't know whether the password renewal times can be considered problematic. See man shadow. root can change the password any time (0) and is not forced to change it in the next few centuries (99999). Seven days before the few centuries end, root will be warned. This is how it is set up on the above-mentioned CentOS and Debian servers.
Now, the 15651 is the last password change date. The figure means roughly 2012, which is kind of old.
Remediation should be obvious once you decide which of the above points represent risks.
As the other contributor says, go back to the study material and find out what is defined as best practices, because such questions are partially based on opinions and don't have clear-cut answers.
EDIT: "risks" is written without an apostrophe in this context. Perhaps bad spelling is a risk in itself.
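The field-by-field reading discussed in this thread, as an added example that is not part of the original posts: a small Python audit of one shadow(5) entry. The flag names, the 365-day staleness threshold and the choice to mark md5crypt as dated are assumptions of this example, not settings from the thread.

```python
from datetime import date, timedelta

# Constructed sample: the entry quoted in the thread above.
SAMPLE = "root:$1$5f4dcc3b5aa765d61d8327deb882cf99:15651:0:99999:7:::"
FIELDS = ["user", "hash", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved"]
# Scheme ids as listed in crypt(5); treating md5crypt as dated is this example's policy.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
DATED = {"md5crypt"}


def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def last_change_date(entry):
    # Field 3 counts days since 1970-01-01; empty means aging is disabled.
    if not entry["last_change"]:
        return None
    return date(1970, 1, 1) + timedelta(days=int(entry["last_change"]))


def audit(entry, today, stale_days=365):
    flags = []
    h = entry["hash"]
    if h == "":
        flags.append("empty-password")
    elif h[0] in "!*":
        flags.append("locked")
    else:
        bits = h.split("$")  # well-formed: ['', id, salt, digest]
        scheme = SCHEMES.get(bits[1]) if len(bits) > 1 and bits[0] == "" else None
        if scheme is None:
            flags.append("unknown-scheme")
        elif scheme in DATED:
            flags.append("dated-scheme:" + scheme)
        if scheme and len(bits) < 4:
            flags.append("malformed-hash")  # salt or digest part missing
    changed = last_change_date(entry)
    if changed and (today - changed).days > stale_days:
        flags.append("stale-password")
    if entry["max_age"] in ("", "99999"):
        flags.append("no-expiry")
    return flags
```

Which of the returned flags count as risks depends on the policy in your study material; the code only reports what the fields say.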