Password Policy Fundamentals
A strong password policy is critical for preventing unauthorized access. On Linux the pieces live in different places: the aging defaults (PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE) in /etc/login.defs, which are applied to accounts at creation time; password complexity, enforced at change time by PAM (normally pam_pwquality reading /etc/security/pwquality.conf); and the per-account hash and aging values themselves in /etc/shadow, which is where an audit ultimately has to look.
Checking Password Policy
grep -E "^PASS_(MAX|MIN|WARN)" /etc/login.defs   # defaults for new accounts only; existing accounts keep their /etc/shadow values
grep "pam_pwquality" /etc/pam.d/common-password   # Debian/Ubuntu stack; on RHEL/Fedora check /etc/pam.d/system-auth and password-auth instead
grep -E "minlen|dcredit|ucredit" /etc/security/pwquality.conf   # credits are negative numbers when they mean "at least N of this class"
Detecting Empty Passwords
sudo awk -F: '$2 == ""' /etc/shadow      # empty password: login succeeds with no password at all
sudo awk -F: '$2 ~ /^!/' /etc/shadow     # locked accounts: passwd -l / usermod -L prefix the hash with "!"; a bare "!" or "!!" is locked with no hash
sudo awk -F: '$2 == "*"' /etc/shadow     # never had a password (typical for system/service accounts)
UID/GID Security
# Check for duplicate UIDs (two names sharing a UID own each other's files and processes)
awk -F: '{print $3}' /etc/passwd | sort -n | uniq -d
# Find all UID 0 accounts; every one of them is a full root, so only "root" should appear
awk -F: '$3 == 0' /etc/passwd
Password Aging
chage -l username                            # show last change, expiry and the min/max/warn values for one account
sudo chage -M 90 -m 7 -W 14 username         # max 90 days, at least 7 days between changes, warn 14 days before expiry
Changing PASS_* in /etc/login.defs does not touch accounts that already exist; set those with chage (or loop over /etc/passwd). Keep in mind that NIST SP 800-63B advises against forcing periodic rotation unless compromise is suspected, so treat the 90-day value as an example of the mechanism rather than a recommendation.
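The manual checks above, combined into one script that parses /etc/passwd and /etc/shadow formatted text: empty, locked and never-set passwords, UID 0 and duplicate UIDs, and password ages compared with a policy maximum. This is an added example written for this page, not the page's tool or any existing package; the sample entries are constructed and the hashes are placeholders.

```python
#!/usr/bin/env python3
"""Audit passwd/shadow data: empty, locked and never-set passwords,
UID 0 and duplicate UIDs, and password ages versus a policy maximum."""
from collections import Counter
from datetime import date

# Constructed sample data in /etc/passwd and /etc/shadow format (not from a real host).
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1001:1002:Carol:/home/carol:/bin/bash
dave:x:1002:1002:Dave:/home/dave:/bin/bash
backdoor:x:0:0::/root:/bin/bash
"""

SHADOW_SAMPLE = """\
root:$6$saltroot$fakehash:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice::19700:0:99999:7:::
bob:!$6$saltbob$fakehash:19600:0:90:14:::
carol:$6$saltcarol$fakehash:19500:7:90:14:::
dave:$6$saltdave$fakehash:19740:7:180:14:::
backdoor:$6$saltbd$fakehash:19700:0:99999:7:::
"""


def parse_passwd(text):
    """Return one dict per well-formed passwd line; comments and short lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 7:
            continue
        rows.append({"name": fields[0], "uid": int(fields[2]),
                     "gid": int(fields[3]), "shell": fields[6]})
    return rows


def parse_shadow(text):
    """Return one dict per shadow line. Empty aging fields take the shadow(5) defaults."""
    rows = []
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 9:
            continue
        num = lambda s, default: int(s) if s else default
        rows.append({"name": fields[0], "hash": fields[1],
                     "lastchg": num(fields[2], 0), "min": num(fields[3], 0),
                     "max": num(fields[4], 99999), "warn": num(fields[5], 7)})
    return rows


def classify_password(field):
    """Interpret the second field of a shadow entry."""
    if field == "":
        return "empty"        # login succeeds with no password at all
    if field.startswith("!"):
        return "locked"       # passwd -l / usermod -L prefix "!"; bare "!" or "!!" is locked with no hash
    if field == "*":
        return "no-password"  # never had a password (typical for service accounts)
    return "set"


def empty_passwords(shadow):
    return [r["name"] for r in shadow if classify_password(r["hash"]) == "empty"]


def locked_accounts(shadow):
    return [r["name"] for r in shadow if classify_password(r["hash"]) == "locked"]


def uid0_accounts(passwd):
    """Every UID 0 account is a full root; only 'root' itself should appear."""
    return [r["name"] for r in passwd if r["uid"] == 0]


def duplicate_uids(passwd):
    """UIDs shared by more than one account (shared file and process ownership)."""
    counts = Counter(r["uid"] for r in passwd)
    return sorted(uid for uid, n in counts.items() if n > 1)


def aging_findings(shadow, policy_max=90, today_days=None):
    """Map account -> 'no-expiry', 'expired' or 'max-exceeds-policy' for usable passwords.
    today_days counts days since 1970-01-01, the same unit shadow(5) uses for lastchg."""
    if today_days is None:
        today_days = (date.today() - date(1970, 1, 1)).days
    findings = {}
    for r in shadow:
        if classify_password(r["hash"]) != "set":
            continue  # empty/locked/no-password entries are reported by the other checks
        if r["max"] >= 99999:
            findings[r["name"]] = "no-expiry"
        elif today_days - r["lastchg"] > r["max"]:
            findings[r["name"]] = "expired"
        elif r["max"] > policy_max:
            findings[r["name"]] = "max-exceeds-policy"
    return findings


if __name__ == "__main__":
    # On a live host: open("/etc/passwd").read() and, as root, open("/etc/shadow").read()
    passwd, shadow = parse_passwd(PASSWD_SAMPLE), parse_shadow(SHADOW_SAMPLE)
    print("empty passwords :", empty_passwords(shadow))
    print("locked accounts :", locked_accounts(shadow))
    print("UID 0 accounts  :", uid0_accounts(passwd))
    print("duplicate UIDs  :", duplicate_uids(passwd))
    print("aging findings  :", aging_findings(shadow, policy_max=90, today_days=19750))
```

The aging check deliberately ignores accounts whose password is empty, locked or never set, so each account shows up under exactly one finding; an empty-password account with no expiry is already the most serious item in the report and does not need a second line.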
Automated Audit with dargslan-passwd-audit
The checks above need root to read /etc/shadow, so review any third-party package before running it with elevated privileges.
pip install dargslan-passwd-audit
dargslan-passwd-audit
dargslan-passwd-audit --policy
dargslan-passwd-audit --empty
dargslan-passwd-audit --uid