Dallas, It does on Solaris. Doesn't do anything other to see if their is a matching entry in both /etc/passwd and /etc/shadow and it checks to see if the user is still able to log in. Linux should actually do the same thing, but Solaris PAM and Linux PAM do operate differently.
Pete >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Monday, February 27, 2006 11:50 >> To: [EMAIL PROTECTED] >> Cc: SpamAssassin >> Subject: Re: /etc/shadow access from SA >> >> >> [EMAIL PROTECTED] writes: >> > Our intrusion detection software started picking up thousands of >> > access attempts to /etc/shadow (the UNIX user password >> store) shortly >> > after installing SpamAssassin on our mail gateway. >> > >> > Could one of the developers comment on why SA might be doing this >> > and/or if this is even an intent? (Running SA 3.1.0) >> >> unfortunately, this is just what perl does when getpwuid() >> etc. are called from perl code; nothing we can do about it >> from SpamAssassin. >> >> can you config the IDS to silently refuse access? >> > > Justin, Are you positive? I don't see getpwnam or getpwuid accessing > /etc/shadow on linux. It hits /etc/passwd for the getpw* calls. > > # cat test.pl > my $uid = getpwnam('root'); > my $name = getpwuid(0); > print "name=$name uid=$uid\n"; > > # perl test.pl > name=root uid=0 > > # strace perl test.pl 2>&1 | grep passwd > open("/etc/passwd", O_RDONLY) = 3 > open("/etc/passwd", O_RDONLY) = 3 > > # strace perl test.pl 2>&1 | grep shadow > # > > spamassassin clearly hits /etc/shadow. > > # strace spamassassin 2>&1 | grep shadow > open("/etc/shadow", O_RDONLY) = 3 > > > Must be something else causing it. Maybe a module that SA requires? > > Cya, > D > > ---- Peter P. Benac, CCNA Emacolet Networking Services, Inc Providing Network and Systems Project Management and Installation and Web Hosting. Phone: 919-618-2557 Web: http://www.emacolet.com Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org To have principles... First have courage.. With principles comes integrity!!!
