Unix auditing, password and ssh key strength

Submitted by sean on Sat, 11/01/2008 - 12:17

I had a project this week to audit 50 Linux/Unix systems, so after making some improvements to the scripts I re-wrote the documentation for my auditing scripts: see http://sean.boran.com/audit

It was required to also check SSH private key files and list those that had no passphrases. A search of the net found two solutions, which were added to the audit SVN repository above.
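
One way such a passphrase check can work, as an added example (not one of the two solutions from the audit repository): classify a key file by its header alone, without attempting to load it. It goes beyond the post by also covering the current OpenSSH key container; the function names and sample contents are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH key container

def openssh_cipher(blob):
    """Return the ciphername, the first length-prefixed string after the magic."""
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    name = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    if not blob.startswith(MAGIC) or len(name) != n:
        raise ValueError("not a complete openssh-key-v1 header")
    return name.decode("ascii")

def key_protection(text):
    """Classify file content as 'encrypted', 'unencrypted' or 'not-a-key'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].endswith("PRIVATE KEY-----"):
        return "not-a-key"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            cipher = openssh_cipher(base64.b64decode("".join(lines[1:-1])))
        except (ValueError, struct.error):  # bad base64 or short blob
            return "not-a-key"
        return "unencrypted" if cipher == "none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): encryption is flagged by a Proc-Type header.
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4]):
        return "encrypted"
    return "unencrypted"

def fake_openssh(cipher):
    """Constructed sample: magic plus ciphername only, no key material."""
    body = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body.decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLES = {  # constructed file contents, not real keys
    "id_ed25519": fake_openssh(b"none"),
    "id_ed25519_pw": fake_openssh(b"aes256-ctr"),
    "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa_pw": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"),
    "id_rsa.pub": "ssh-rsa AAAA constructed@example\n",
}

def unprotected(files):
    """Names of files whose private key is stored without a passphrase."""
    return sorted(n for n, t in files.items() if key_protection(t) == "unencrypted")
```

Calling `unprotected(SAMPLES)` returns the two sample names stored without a passphrase; for a real audit, pass a dict mapping each candidate path to its file contents.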

Trivial Unix passwords also had to be investigated; the old favourite 'john' http://www.openwall.com/john still works really well (compiled with 'generic' on Suse11/i386).