Locked Accounts
#sudo cat /etc/security/user | grep -iE '\:|account_locked'|grep -iv '*'
Last password change date
#
for a in `cut -f1 -d: /etc/passwd | grep -v '\+' `;do echo $a; /usr/bin/sudo /usr/lbin/getprpw $a; done|cut -f9 -d ','
NFS shares:
#
/usr/bin/sudo cat /etc/exports||echo 'file not found'
Inactive Accounts:
#
/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/lastlog -s $user -a time_last_login;done
Last password change date:
#
/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/passwd -s $user -a lastupdate;done
All SNMP strings:
#
/usr/bin/sudo cat /etc/snmpd.conf|grep -iE '^[a-z][A-Z]'
Default SNMP
#
sudo cat /etc/snmpd.conf | grep -iE 'community|public|private' |grep -iv '# '
List of services:
#
/usr/bin/sudo cat /etc/services |grep -iE '^[a-z][A-Z]'
Users with uid=0, gid=0
#cat /etc/passwd | grep ':0:'
#cat /etc/group | grep ':0:'
Check if auditing service is running:
#
/usr/bin/sudo ps -ef |grep auditd|grep -v 'grep'||echo 'not enabled'
List of sudoer:
#
/usr/bin/sudo cat /etc/sudoers|grep -iE '^[a-z][A-Z]'
unmask value
sudo lssec -f /etc/security/user -s default -a umask
List of users:
sudo cat /etc/passwd|cut -d ':' -f1
account/password policy:
sudo lssec -f /etc/security/user -s default -a maxage
sudo lssec -f /etc/security/user -s default -a maxexpired
sudo lssec -f /etc/security/user -s default -a minalpha
sudo lssec -f /etc/security/user -s default -a minother
sudo lssec -f /etc/security/user -s default -a minlen
sudo lssec -f /etc/security/user -s default -a mindiff
sudo cat /etc/security/user | grep -iE '\:|loginretries'
sudo cat /etc/security/user | grep -iE '\:|histsize'
sudo cat /etc/profile |grep -i 'tmout'
sudo cat /etc/security/user | grep -iE '\:|histexpire'
sudo cat /etc/security/user | grep -iE '\:|pwdwarntime'
sudo cat /etc/security/user | grep -iE '\:|maxrepeats'
Login Delay
sudo cat /etc/security/login.cfg | grep -i 'logindelay'
Log Login attempts:
sudo ls -l /var/adm/ /etc/security |grep -iE 'loginlog|sulog|failedlogin'
cat /etc/services