Software security

Date: 17.04.2022
Done by: Shoxrux Usmonov
Checked by: Iskandar Olimov

1-assignment

Authenticate Users with BASH Script and AWK


We know that on Linux systems the user's password is usually stored in the /etc/shadow file, at least for local accounts, although we can always query the shadow database and look up users in a directory backend like AD or OpenLDAP. We will start the process of authenticating users with a bash script and AWK by checking the shadow database with the getent command.


getent is a Linux command that retrieves entries from a number of important text files called databases. These include the passwd and group databases, which store user information, so getent is a common way to look up user details on Linux. Because getent uses the same name service configuration as the system, it shows all information, including that obtained from network sources such as LDAP. The databases it searches are: ahosts, ahostsv4, ahostsv6, aliases, ethers (Ethernet addresses), group, gshadow, hosts, netgroup, networks, passwd, protocols, rpc, services, and shadow. To extract just the second field, the password field, we can start to look at the use of AWK. When authenticating users, AWK starts simple and becomes just a little more complex, so we can work through some examples. When using a static user name the process is simple.

This all looks very easy so far, but we would not normally want to hard code the name of the user to authenticate; it will be passed in a variable, and it is here that the problems start. For the moment I will use the $USER variable as I am logged in as the user shoxrux.

$ sudo awk -F: '/^$USER/{ print $2 }' /etc/shadow
Because the AWK program is enclosed in single quotes, the shell does not expand $USER, and AWK is handed the literal text. Using the -v option to AWK we can instead set an AWK variable, which does not use the $ syntax, and use it in the regular expression that must match a line starting with the user name to authenticate, eventually in our bash script. The tilde ~ is the match operator, and we now search the complete line, $0, for our pattern.


Starting the Script
To start the script we need to develop, we add the code so far to a bash script, but prompt for the user name with the read command.

Split Elements of the Password Field
The password field from the shadow database is broken into three further fields: the algorithm used, the SALT and the password hash. The $ is used to delimit the fields, but the field itself starts with a $, so the first field will always be empty. This suits us, since arrays are indexed from 0: the empty field sits at index 0 and the algorithm, the first field we want, is at index 1. To split the password field into the three elements we read it into an array.


What is the SALT
The SALT is text that is added to the password to help create unique password hashes. If the SALT is random, even users with the same password get different hashes, as the hash is produced by running the combination of password and SALT through the hashing algorithm. In our case the algorithm id is 6, meaning SHA-512. If the same SALT is used and the password is the same, the hash will be the same, and this is how users are authenticated. The password hash cannot be reversed, so not even root can read your password. Instead the hash produced by combining the user input with the original SALT is compared with the stored hash; if they match, the user is authenticated.
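The lookup, split and compare steps above, as an added shell example that is not part of the original assignment. It splits with POSIX positional parameters instead of a bash array so it also runs under sh; the sample shadow line, the user name shoxrux and the recomputation with openssl passwd -6 are assumptions of this example, not something the text specifies.

```shell
# Constructed sample shadow line: the account is fictitious and the hash is
# a placeholder, so it exercises only the lookup and split steps.
SAMPLE_SHADOW='shoxrux:$6$abcdefgh$HASHPLACEHOLDER:19099:0:99999:7:::'

# Print the password field of one user from a shadow-format file ("-" reads
# getent output from stdin). The name arrives via awk -v, so the shell's
# single-quote problem never arises, and comparing awk's $1 to it matches
# the name exactly, where a ^user regex on $0 would also match "shoxrux2".
password_field() {
    awk -F: -v user="$1" '$1 == user { print $2 }' "$2"
}

# Split "$6$SALT$HASH" on "$" into the globals algo, salt and pwhash. With
# IFS set to "$" the leading "$" yields an empty first field, just as the
# text describes for the bash array, so the algorithm id is field 2.
split_password() {
    old_ifs=$IFS
    IFS='$'
    set -f              # no filename globbing while the field is word-split
    set -- $1
    set +f
    IFS=$old_ifs
    algo=$2; salt=$3; pwhash=$4
}

# Recompute the hash from the candidate password and the stored SALT with
# the stored algorithm id, then compare with the stored field. The password
# is fed to openssl on stdin rather than as an argument so it never appears
# in the process list. Returns 0 only on a match.
verify_password() {
    stored=$1
    split_password "$stored"
    [ "$algo" = 6 ] || { echo "unsupported algorithm id: $algo" >&2; return 2; }
    recomputed=$(printf '%s' "$2" | openssl passwd -6 -salt "$salt" -stdin)
    [ "$recomputed" = "$stored" ]
}

# Interactive driver as the text describes: prompt with read, fetch the
# entry with getent (root is needed for the shadow database), then verify.
authenticate_user() {
    printf 'Username: '; read -r user
    printf 'Password: '; stty -echo; read -r candidate; stty echo; echo
    field=$(getent shadow "$user" | password_field "$user" -)
    [ -n "$field" ] || { echo "no shadow entry for $user" >&2; return 1; }
    verify_password "$field" "$candidate"
}
```

Run `authenticate_user` as root to test against the real shadow database; a wrong password or an unknown user returns a non-zero status.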





