Hi all,

I've been searching for a solution to this and usually i find it here But now i'm a little bit stuck. Here is the issue:
I have RHEL servers and AIX ones, and the question is - is there a way to export the output of a file to a non-editable file format (ex pdf).
cat /etc/foo | grep sometext > file.pdf(or something)

i know about TexLex but, as you can imagine, corporate servers don't allow many outside software
Is there any other way that is built into Linux (that i'm probably not aware of) to do this task. Otherwise i have to provide quite a lot of screenshots to a very long file. I could write a script if it would reqire more than one command.

Thanks in adnavce and any suggestion, links etc are more than welcome.

If you have texinfo installed, it provides texi2pdf which will convert a TeX file to pdf. A simple which texi2pdf will probably tell you if you have the utility.

You might have to script what you want to do so you grep to a TeX file, then convert to pdf. Texinfo also provides a couple of other *2pdf utilities.

1 members found this post helpful.

What output do you want and what do you want to prevent? You can also use a2ps to create a PS and later on convert it to PDF. But PDF is still editable with some editors. To avoid a simple copy of text from the PDF you would need a special encoding vector so that copied text looks like garbage in any other application.

There are plugins for PDF viewer which make it more secure: FileOpen.

1 members found this post helpful.

Hi Guys,

Thank you for replaying.
One of the idea is - I have to prive evidence that there is nobody else with root privlieges (and/or group) except the root user of courese But i also need to send it as non-editable files, so when there is as an audit or something, the files shouldn't be able to be edited by anybody. as the /etc/passwd is quite long list, the client want's to see that there is only one root. If i export the file even with etc/passwod | grep 0 > foo, it could be edited by someone who is doing the rewiev, and if i do print screens it would take me quite a lot of time on all the servers. This is done monthly.
I'll try the proposed methods when i go to work and get back to you.

Thanks again.

So it’s more about confidence. What about putting the md5sum hash-value of the plain ASCII file somewhere, and the person doing the review can check the sent file with md5sum, which noone can change as it’s somewhere on a website or so.

1 members found this post helpful.

The problem about any report 'proving' that there is only 1 root on the system is that a report is a point-in-time view of the /etc/passwd file. If you schedule it in cron then all your theoretical abuser of the system needs to do is schedule a job shortly before to remove the naughty entry and another (as root... but then they've got root access so they can do stuff that the system considers done by real 'root') to put it back again.

The report that you are being asked to provide is more or less smoke and mirrors... it doesn't prove anything at any instant other than the one it was run. Making it not editable doesn't prove anything more or less.

There is a commercial product 'tripwire' (an IDS, Intrusion Detection System) which does constant monitoring for various security risks and security violations. Perhaps the person responsible for asking for this report would feel happier if something like tripwire were monitoring the server environment and looking for security violations, multiple root entries etc etc. But again, if your posit a system that is already compromised then IDS systems can't absolutely prove anything as you can't beleive their validity.

However an IDS is a lot more robust and it's a lot more beleivable than an extract of /etc/passwd.

Unlike an extract of /etc/passwd, an IDS is not cheap.

Does your server have access to a corporate email system? You could use some mailing engine on the Linux box to send an email of the report to the user on a regular basis. An email is inherently less tamperable by 'a.n.other' as they'd need to compromise your corporate email system as well. Or if you're really up for a challenge how about a program to monitor incoming emails (or other, monitor a port for incoming telnet connection etc etc), reply to a request from the named individual with a point-in-time view of the password file. So he can get a view at any time which will improve the confidence that no-one has written something around yoru schedule thet compromises the scheduled reports.

1 members found this post helpful.

Hi all thaks for the replays.

You are right it's about the smoke and mirros Ufortunatelly the client is not so technocally lirate, and currently we are in disscusion about that report. I know about tripwire, but for this account it's not being implemented yet.
As far as i undarstand from the meeting, they just want to know that there is no other root account on their systems (i guess they trust the team creating the accounts, but not the team providing the report ).

Anyway thank you all for the replays and the ideas.