Mike Macgirvin
Diary and Other Rantings
Beyond Silicon Valley
   
Saturday, May 17 2008, 01:17 am
Aug 15, 2007
Unix security

I'm putting together a hilarious saga that I ultimately intend to submit to worsethanfailure.com...

Spent the last week analyzing the Unix systems here in the labs to get an idea of what was running on them, and also to do a security audit. First though I had to break into the boxes, as my predecessor didn't leave any system passwords. Turns out this was easy.

First thing I found on one of the systems is that the 'init' process was running under the account 'Katrina' (names have been changed to protect the innocent). Now 'init' is always owned by 'root' (the system admin account). So this means that somebody else on the system has the user id of '0', which is the administrator ID number on Unix.

As it turns out, I can change Katrina's password, since it's all stored in Windows Active Directory and exported to Unix via LDAP. So I did this and logged in as Katrina. Voila - I've got root access. Did this on several boxes to reset the root password.

Now there's no easy way to find a list of accounts, since this is all done in Windows and authentication is FM (freaking magic).  So I wrote a little 'C' program to find all this info spread around the university and generate what looks like a standard Unix passwd file, which is something I understand.

Next I ran a little awk script to go through and find out if anybody else had UID '0', or administrator access. I'm glad I did this. Turns out that 279 people have administrator access. (There should be exactly 1). Now we manage accounts here for about 1800 people, so somewhere around 1 in 6 have had elevated system privileges.  

These UIDs were generated by a software utility my predecessor wrote to add all the Unix attributes to the Windows Directory. This utility has a lot of bugs, and this is only one of them. Duplicate UIDs, non-existent home directories that never get created, no-UID (which defaults to 0), etc.
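A sketch of the kind of audit described above, added here as an example and not the author's original awk script: it scans a passwd-format file for non-root accounts with UID 0, empty UID fields, and duplicate UIDs. The function names, account names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the script from the post): audit a passwd-format file.
# Field 3 is the numeric UID; any account whose UID resolves to 0 is root-equivalent.

audit_passwd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }                 # skip comments and blank lines
        NF < 7   { printf "MALFORMED line %d\n", NR; next }
        $3 == "" { printf "EMPTY_UID %s\n", $1; next }   # the post says no-UID defaults to 0
        $3 !~ /^[0-9]+$/ { printf "BAD_UID %s %s\n", $1, $3; next }
        {
            uid = $3 + 0                            # "00" and "0" map to the same key
            if (uid == 0 && $1 != "root") printf "UID0 %s\n", $1
            if (count[uid]++) owners[uid] = owners[uid] "," $1
            else owners[uid] = $1
        }
        END {
            for (u in count)
                if (count[u] > 1) printf "DUP_UID %s %s\n", u, owners[u]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample data: one extra UID 0 account, one empty UID, one duplicate.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
katrina:x:0:100:Katrina:/home/katrina:/bin/sh
alice:x::100:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:x:1001:100:Carol:/home/carol:/bin/sh
dave:x:1002:100:Dave:/home/dave:/bin/sh
EOF
}

# Stand-alone run against the constructed sample.
sample=$(mktemp) && write_sample "$sample" && audit_passwd "$sample"
rm -f "$sample"
```

On a directory-backed system the input would be the merged account list (for example the output of `getent passwd`) rather than `/etc/passwd` alone.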

Sigh... Anyway the short story is that I've got a lot of work left to do. 

Categories: computer software work