1 Reply Latest reply on Jun 30, 2017 11:54 AM by Kary Tankink

    Hips disabling root password change

    dannyburnley

           Hi,

       

      Is there any way hips can disable users from changing the root password on Linux?

        • 1. Re: Hips disabling root password change
          Kary Tankink

          I would say no.  Signature 3021 protects the passwd files, but doesn't prevent proper password changes.

           

          This event indicates an attempt to modify or remove the "passwd" or "shadow" files by a process other than passwd(1)

          This is indicative of an attack. Attackers sometimes write directly to this file to add privileged users to the system, or change permissions of these files to a world-writable state for malicious reasons.