#!/bin/sh
#
#  This script is designed to check for common weaknesses in passwords
# 
#  It is part of the 'checksecurity' package, and tests may be configured
# by the global file '/etc/checksecurity.conf' and the file 
# '/etc/checksecurity/check-password.conf'.
#
#
# Steve
# --
# http://www.steve.org.uk/



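#
#  Test for duplicate root login accounts.
#
#  Enabled when CHECK_PASSWORD_DUPLICATES is "TRUE".  Writes a warning to
#  stdout when /etc/passwd does not hold exactly one entry whose UID field
#  is 0; when there are several, each offending entry is listed.
#
#  Only the local /etc/passwd is read; accounts supplied by any other
#  account source are not examined by this test.
#
if [ "x$CHECK_PASSWORD_DUPLICATES" = "xTRUE" ]; then

  # One awk pass both counts and lists the UID 0 entries, so the count and
  # the listing always come from the same read of the file.
  #
  # The UID is matched as text (/^0+$/) instead of with a numeric
  # comparison: in awk a missing third field (blank line, comment line,
  # truncated entry) compares numerically equal to 0 and would be reported
  # as a root account.
  awk -F: '
    $3 ~ /^0+$/ { roots[++n] = $0 }
    END {
      if (n > 1) {
        # Warn and display offenders
        print "There is more than one root login account"
        for (i = 1; i <= n; i++) print roots[i]
      } else if (n == 0) {
        # Zero matches is also unexpected; say so accurately rather than
        # claiming there are duplicates.
        print "No account with UID 0 was found in /etc/passwd"
      }
    }' /etc/passwd
fi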


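#
#  Test for accounts which have no password.
#
#  Enabled when CHECK_PASSWORD_EMPTY is "TRUE".  Prints one line on stdout
#  for every /etc/shadow entry whose password field (second field) is empty.
#
if [ "x$CHECK_PASSWORD_EMPTY" = "xTRUE" ]; then
   #
   # Only test for empty passwords if there is /etc/shadow.
   #
   # NOTE(review): an empty password field in /etc/passwd itself is not
   # examined here -- confirm whether that case should be covered as well.
   #
   if [ -e /etc/shadow ] ; then
       # The test is done inside awk so that user names are never subject
       # to shell word splitting, globbing or backslash processing.
       # Lines with fewer than two fields or an empty user name (blank or
       # malformed lines) are skipped instead of being reported as a user.
       #
       # If the file cannot be read the check has NOT been performed; say
       # so on stderr so that a skipped test is not mistaken for a clean
       # result.
       awk -F: 'NF >= 2 && $1 != "" && $2 == "" {
           print "User " $1 " has an empty password"
       }' /etc/shadow ||
         echo "Unable to read /etc/shadow; empty password test not performed" >&2
   fi
fi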

