Linux Authentication


Created: 09.09.2020

User Account/Data

â€Ē /home/%username%/* â€Ē /etc/passwd
â€Ē /etc/shadow
â€Ē /etc/sudoers

â€Ē /etc/group

Unused accounts

Look for unexpected account, especially those that don’t have password (empty).

cat /etc/shadow | awk -F: '($2==""){print $1}' # 

Effective ID vs Real ID

References

1

eForensics Magazine, Linux Forensics and Security