Hi Guys

Can some one tell me how i can write a script that can extract login details and human readable passwords from linux red hat.

Thanks in advance

No - hacking isn't supported here.

You can see who logged in when in /var/adm/messages. You can also use finger and last. Getting passwords however isn't something any admin should be doing. If you have root you don't need the password. If you don't have root then you shouldn't have the passwords.

Hi

Im sorry but i think i may have not explained my query to well...we have been transfered about 9 linux/solaris servers for management. We need to run some audits on these servers i.e. disk space hardware, kernel versions, security and also a list of users and there current passwords. I suspected there could be a way where i could convert the passwords back to simple text.

Regards

Password encryption is a one way process. You can not get the plain text back from the hashes that are in /etc/shadow.

You can use a password cracking program like John the Ripper to retrieve very weak passwords.

You will have to force everyone to change their password in this case - which is also a good practice in general...

Right. crack and other utilities will only find simple passwords. For good passwords it shouldn't find the detail.

Logged in as root you can change the password for any user you want. If you feel you need to do that to restrict it to people you know transitioned with the servers.

However in practice Admins should NOT know all the passwords. As noted before you're having root lets you do things like "su - <user>" so that you can become the user. There are a few things that require you to login directly as a user rather than su to it so the "real ID" is the same as the "effective ID" but it is only a rare thing and even then you should tell the user to modify the password when you're done so you don't know it any more. The only time I generally know user passwords is when I reset them for people that have forgotten them and then I tell them to change it on first login.

I can't imagine why an audit would require a list of users AND PASSWORDS!!! If an auditor asked me for a list of passwords I tell him to go jump up a stump. Your audit should contain a list of users possibly but more importantly should show there are no "crackable" passwords - not actually list what the passwords are.

Thanks for you help guys make more sense now, note an audtor doesnt require the details its for us guys to understand who and what the server serves.

I understand wanting to know which users are out there. I question how knowing the password lets you know purpose unless they are moronic enough to put the purpose in as the password. (That is to say if you have an account called e.g. "ftpuser" and the password is "ftp" you should shoot someone.)

Also you don't have to keep a separate list. You can store comments when you create a user. You can do it afterwards with "usermod -c <comment>"

e.g. for user "devgappl" I would typically include comment "DEVG Application Admin User for DBAs". Seeing this comment later when I do "grep devgappl /etc/passwd" lets me know
a) It is an administrative account rather than an individual user.
b) It is owned by the Database Administration team.
That way later if I have questions about the account I know who to ask.

One reason to keep a separate list would be to standardize accounts across multiple machines (assuming you're not using NIS or something similar) so that they all have the same UID. We keep a list of Users with UIDs here but don't store any other information about them except the primary GID.