#!/bin/sh

ROOT_UID=0      # Only users with $UID 0 have root privileges.
E_NOTROOT=67    # Non-root exit error.

# Run as root, of course.
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "Must be root to run this script."
  exit $E_NOTROOT
fi

# The command:
#  grep "^+:" /etc/passwd /etc/shadow /etc/group
# should produce no output.
# The + symbol was used by systems to include data from NIS maps into existing files. However, a certain
# configuration error in which a NIS inclusion line appears in /etc/passwd, but NIS is not running, could lead
# to anyone being able to access the system with the username + and no password. Therefore, it is important to
# verify that no such line appears in any of the relevant system files.
# The correct way to tell the local system to consult network databases such as LDAP or NIS for user information
# is to make appropriate modifications to /etc/nsswitch.conf.

grep "^+:" /etc/passwd /etc/shadow /etc/group | (cat <<EOF
This is an automated report of $0 on the server `hostname -s`.

grep "^+:" /etc/passwd /etc/shadow /etc/group
EOF
cat
) | /bin/mail -s "[Remove Legacy ’+’ Entries from Password Files]" root