edoceo

When trying to lock down a system, removing useless users and groups, ones that don't own anything, is a good start. The script below finds files that don't have a valid user or group owner, and finds users and groups that don't own any files. Of course, many other things should be done as well to secure a system.

The Script

Copy and paste this or download useless-users from here.

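#!/bin/bash
# run this as root

# Directories to search (left unquoted below so each one becomes its own argument)
CHECK_DIRS="/dev /etc /home /opt /usr /var"
DEPTH="3"

# Find files with no user or group attached
# (-o is required: "-nouser -nogroup" alone only matches files missing both)
/usr/bin/find $CHECK_DIRS -depth -maxdepth $DEPTH -xdev \( -nouser -o -nogroup \)

# This finds users who don't have any files
# Only $DEPTH levels of $CHECK_DIRS are searched, so "can be deleted" means
# no files were found there, not that the account owns nothing anywhere.
# cut runs first so that only the name "root" is skipped, not every line
# that happens to contain "root" (e.g. a home directory of /root).
for u in $(/bin/cut -d: -f1 /etc/passwd | /bin/grep -vx 'root')
do
  echo -n "$u..."
  x=$(/usr/bin/find $CHECK_DIRS -depth -maxdepth $DEPTH -xdev -user "$u" | wc -l)
  if [ "$x" -gt 0 ]; then
    echo "cannot be deleted"
  else
    echo "can be deleted"
  fi
done

# Same as above but for groups
for g in $(/bin/cut -d: -f1 /etc/group | /bin/grep -vx 'root')
do
  echo -n "$g..."
  x=$(/usr/bin/find $CHECK_DIRS -depth -maxdepth $DEPTH -xdev -group "$g" | wc -l)
  if [ "$x" -gt 0 ]; then
    echo "cannot be deleted"
  else
    echo "can be deleted"
  fi
done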
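
The script above runs one find per account and per group. The following is an added example, not part of the original script: it makes a single pass over the tree, collects every numeric owner id, and compares the result against a passwd- or group-format file, also listing ids that own files but have no entry. The names `owner_report` and `demo` and the output labels are assumptions, and GNU find's `-printf` is required.

```shell
#!/bin/bash
# Added example, not the original script. Function names and labels are assumptions.
# usage: owner_report user|group DB_FILE DEPTH DIR...
#   DB_FILE is passwd- or group-format (name:x:id:...); both keep the id in field 3.
owner_report() (
  case $1 in
    user)  fmt='%U\n' ;;   # numeric owner UID of each file
    group) fmt='%G\n' ;;   # numeric owner GID of each file
    *) echo "usage: owner_report user|group DB_FILE DEPTH DIR..." >&2; exit 2 ;;
  esac
  db=$2 depth=$3
  shift 3
  # One pass over the tree: every distinct owner id, space-separated (GNU find)
  ids=$(find "$@" -maxdepth "$depth" -xdev -printf "$fmt" 2>/dev/null | sort -u | tr '\n' ' ')
  awk -F: -v ids="$ids" '
    BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
    NF < 3 || /^#/ { next }            # skip blank, malformed and comment lines
    { known[$3] = 1 }
    # Like the original, never report root; "unused" covers only the searched area
    $1 != "root" && !($3 in seen) { print "unused " $1 }
    END { for (id in seen) if (!(id in known)) print "orphan-id " id }
  ' "$db"
)

# Demo on constructed data only: a scratch tree owned by the invoking user and a
# constructed passwd-format file; no real account database is read or changed.
demo() (
  d=$(mktemp -d) || exit 1
  mkdir "$d/tree" && touch "$d/tree/app.conf"
  me=$(id -u)
  printf 'root:x:0:0::/root:/bin/sh\nappuser:x:%s:100::/home/appuser:/bin/sh\nolduser:x:%s:100::/home/olduser:/bin/sh\n' \
    "$me" "$((me + 1))" > "$d/passwd"
  owner_report user "$d/passwd" 3 "$d/tree"   # prints: unused olduser
  rm -rf "$d"
)
demo
```

On a real system the call would be `owner_report user /etc/passwd 3 /dev /etc /home /opt /usr /var`, run as root like the original.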
