System monitoring script

Beck Moulton
10 min read · Aug 1, 2023

This script monitors two particularly troublesome areas of a Linux system: the default shells of system accounts and potentially dangerous file permissions.

Auditing the default shell of system accounts

System accounts are used to provide services or perform special tasks. Generally speaking, such an account needs a corresponding record in the /etc/passwd file but is not allowed to log in to the system (the root account is a typical exception).

  • Prevent anyone from logging in with these accounts by setting their default shell to /bin/false, /usr/sbin/nologin, or /sbin/nologin.
  • If a system account's default shell is changed from one of these settings to /bin/bash, that is a problem.
  • Although a bad actor cannot log in to the account unless a password has been set, the change still weakens the security of the system.
  • Account settings therefore need to be audited so that incorrect default shells can be corrected.
  • One way to audit this potential problem is to determine how many accounts have their default shell set to false or nologin, and then check this number regularly. If a decrease is found, further investigation is necessary.
  • First, use the cut command to get the default shell for every account in the /etc/passwd file:
# 1. for the /etc/passwd file. the delimiter is a colon (:) and the default shell for the account is located in the 7th field of…
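
The count-and-compare audit described above, as an added example that is not the article's own script; besides counting, it names the accounts behind a decrease. The function names, the baseline file and the sample passwd entries are assumptions constructed for illustration.

```shell
# Added example: count-based audit of no-login default shells.
NOLOGIN_RE='^(/bin/false|/usr/sbin/nologin|/sbin/nologin)$'

# Count accounts whose default shell (7th colon-separated field) blocks login.
count_nologin() {
    [ -r "$1" ] || return 2
    cut -d: -f7 "$1" | grep -c -E "$NOLOGIN_RE" || true   # grep -c exits 1 on zero matches
}

# Print the names of those accounts, sorted so comm can compare them.
nologin_accounts() {
    [ -r "$1" ] || return 2
    awk -F: -v re="$NOLOGIN_RE" '$7 ~ re { print $1 }' "$1" | LC_ALL=C sort
}

# audit_shells PASSWD_FILE BASELINE_FILE: the first run records the baseline;
# later runs return 1 on a decrease and name the accounts that changed.
audit_shells() {
    passwd_file=$1; baseline=$2
    [ -r "$passwd_file" ] || return 2
    if [ ! -f "$baseline" ]; then
        nologin_accounts "$passwd_file" > "$baseline"
        echo "baseline recorded: $(count_nologin "$passwd_file") accounts"
        return 0
    fi
    old=$(wc -l < "$baseline" | tr -d ' ')
    new=$(count_nologin "$passwd_file")
    if [ "$new" -lt "$old" ]; then
        echo "WARNING: no-login accounts decreased from $old to $new"
        nologin_accounts "$passwd_file" | LC_ALL=C comm -23 "$baseline" - |
            sed 's/^/  investigate: /'
        return 1
    fi
    echo "ok: $new no-login accounts (baseline $old)"
}

# Demo on constructed passwd entries (not taken from a real system).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'sshd:x:74:74:sshd:/var/empty:/sbin/nologin' \
        'mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false' > "$dir/passwd"
    audit_shells "$dir/passwd" "$dir/baseline"
    sed 's#^\(mysql:.*\):/bin/false$#\1:/bin/bash#' "$dir/passwd" > "$dir/changed"
    audit_shells "$dir/changed" "$dir/baseline" || echo "audit exit status: $?"
    rm -rf "$dir"
}
demo
```

A count alone misses the case where one account gains a login shell while another loses one, so comparing the saved account names directly is a stricter variant of the same check.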
