This file is indexed.

/usr/lib/tiger/systems/Linux/2/check_passwdspec is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 2003 Javier Fernandez-Sanguino
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_passwdspec: Perform system specific password checks here like
#               password aging checks, etc.
# 
# 05/14/2005 jfs - Patch from Nicolas François which checks the user strictly
# 05/14/2005 jfs - Better fix for pwd=! (Debian bug #308141)
# 03/21/2005 jfs - Fixed password aging check. Separate all checks so that
#                  they prevent bugs if pwd="!" (Debian Bug #297889)
# 01/10/2004 cslater - Added logic to skip password aging check if the
#                  account is disabled (! or * in password)
# 11/19/2003 jfs - Patch from Ryan Bradetich changing acc016w to pass19w
# 08/29/2003 jfs - CHAGE errors redirected to /dev/null and grep is now $GREP
# 08/09/2003 jfs - Renamed to check_passwdspec and added CHAGE to dependancies.
# 07/10/2003 rbradetich@uswest.net - Initial release
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"

# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}
. $basedir/config

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallfiles BASEDIR || exit 1
  haveallcmds CUT CHAGE || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}
#------------------------------------------------------------------------
haveallfiles BASEDIR || exit 1
haveallcmds CUT CHAGE || exit 1

echo
echo "# Verifying system specific password checks..."

saveifs=$IFS
IFS=:
# Check for password aging
[ -r /etc/passwd ] && {
  $CUT -d: -f1,2 /etc/passwd |
  while read user pwd
  do
 
    [ "$Tiger_Check_PASSWD_SHADOW" = 'Y' ] && [ -s /etc/passwd ] && [ "x$pwd" != "xx" ] && {
      message WARN pass20w "" "Login ID $user is not configured to use shadow passwords."
    }

   # For expiration, pull the password string from /etc/shadow if it exists
   [ -r /etc/shadow ] && { 
        pwd=`$GREP "^$user:" /etc/shadow | $CUT -d: -f2`
   }
   # Skip this check if the user account is locked
   [ "x$pwd" != 'x!' ] && [ "x$pwd" != 'x*' ] && {
    	if $CHAGE -l $user 2>/dev/null | $GREP "Password Expires:" | $GREP Never >/dev/null 2>&1
    	then
          message WARN pass19w "" "Login ID $user does not have password aging enabled."
    	fi
   }

  done
}
IFS=$saveifs

exit 0