It's well known that some users insert their public keys into another user's authorized_keys file to escalate their privileges. Let's find out who's playing silly games.
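#!/usr/bin/bash
# Audit helper: list every NIS account, other than the invoking user's own,
# that accepts the invoking user's SSH key on this host.
#
# Scope: this only exercises the keys the invoking user (or their agent) can
# offer, so it answers "where is MY key authorized?". A host-wide review would
# instead compare each account's authorized_keys with the keys expected there.
#
# Reads:   $USER, $HOSTNAME, NIS map passwd.byname (via ypcat)
# Outputs: one line on stdout per account that accepted the key

while IFS=: read -r id _; do
  # Skip empty names, our own account, and names that ssh would parse as an
  # option (NIS data ends up on the ssh command line).
  [[ -n "$id" && "$id" != "$USER" && "$id" != -* ]] || continue

  # BatchMode=yes makes ssh fail instead of prompting for a password, so only
  # key-based logins count and the loop cannot stall on a prompt.
  # grep -F matches "(name)" literally, as printed by id(1), so a short name
  # is not matched as a substring of a longer one.
  if ssh -qTn -o BatchMode=yes "$id@$HOSTNAME" id | grep -qF -- "($id)"; then
    echo "$USER cross-authorizes as $id on $HOSTNAME"
  fi
done < <(/usr/bin/ypcat passwd.byname)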