Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Security Audit account issues after an ESX install (1025565)

Symptoms

There are a number of default users that are created during a default installation of an ESX host. Security Audit may take issue with these accounts (especially Sync, Shutdown, and News) because they do not have the NoLogin value set in the etc/passwd file.

Resolution

The x in the etc/passwd file indicates that the encrypted password is stored in the /etc/shadow file. For example:

sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
news:x:9:13:news:/etc/news :

When viewing the /etc/shadow, file you can see that the 3 users are in the same format. For example:

sync:*:13971:0:99999:7:::
shutdown:*:13971:0:99999:7:::
news:*:13971:0:99999:7 :::

The * in the /etc/shadow file indicates that account has been disabled.
 
This means that without already having gained root access to the system, the Sync, Shutdown, and News accounts cannot be exploited.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 1 Ratings
Actions
KB: