#!/bin/sh

ROOT_UID=0      # Only users with $UID 0 have root privileges.
E_NOTROOT=67    # Non-root exit error.

# Run as root, of course.
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "Must be root to run this script."
  exit $E_NOTROOT
fi

# Run the command:
#  awk -F: '($2 == "") {print}' /etc/shadow
# If this produces any output, fix the problem by locking each account (see Section 2.3.1.4 above) or by setting
# a password.
# If an account has an empty password, anybody may log in and run commands with the privileges of that account.
# Accounts with empty passwords should never be used in operational environments.

awk -F: '($2 == "") {print}' /etc/shadow | (cat <<EOF
This is an automated report of $0 on the server `hostname -s`.

awk -F: '($2 == "") {print}' /etc/shadow
EOF
cat
) | /bin/mail -s "[Verify that No Accounts Have Empty Password Fields]" root