Ubuntu
checksecurity package

Checksecurity will not check for duplicate root accounts

Bug #2069587 reported by elfrinjo
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
checksecurity (Ubuntu)
New
Undecided
Unassigned

Bug Description

# OS & package versions
Ubuntu 20.04 2.0.16+nmu1ubuntu1
Ubuntu 22.04 2.0.16+nmu3ubuntu1
Ubuntu 24.04 2.0.16+nmu4ubuntu1

# What you expected to happen
Checksecurity should warn about duplicate users with id == 0

# What happened instead
It does not

# Reason
/etc/checksecurity/check-passwd.conf sets CHECK_PASSWORD_WARN_UIDS="TRUE" to activate this warning.

/usr/share/checksecurity/check-passwd tests for "x$CHECK_PASSWORD_DUPLICATES" = "xTRUE" on whether to enable the test.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for the bug report and for helping to improve Ubuntu.

I tried to fix this issue with the package available in this PPA (only available for 24.04 noble):

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/checksecurity-fix

Could you please test it and let me know if everything is looking good?

This package is kind of unmaintained for many years in Debian, ideally we should upload this fix there, fix the Ubuntu development release (oracular) by syncing it, and then SRU the fix to stable releases.

Revision history for this message
elfrinjo (elfrinjo) wrote :

Hi Lucas, this works as expectedt, thanks!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.