#!/bin/sh

ROOT_UID=0      # Only users with $UID 0 have root privileges.
E_NOTROOT=67    # Non-root exit error.

# Run as root, of course.
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "Must be root to run this script."
  exit $E_NOTROOT
fi

# This command will print all password file entries for accounts with UID 0:
#  awk -F: '($3 == "0") {print}' /etc/passwd
# This should print only one line, for the user root. If any other lines appear, ensure that these additional
# UID-0 accounts are authorized, and that there is a good reason for them to exist.
# In general, the best practice solution for auditing use of the root account is to restrict the set of cases in which
# root must be accessed anonymously by requiring use of su or sudo in almost all cases. Some sites choose to have
# more than one account with UID 0 in order to differentiate between administrators, but this practice may have
# unexpected side effects, and is therefore not recommended.

awk -F: '($3 == "0") {print}' /etc/passwd | (cat <<EOF
This is an automated report of $0 on the server `hostname -s`.

awk -F: '($3 == "0") {print}' /etc/passwd
EOF
cat
) | /bin/mail -s "[Verify that No Non-Root Accounts Have UID 0]" root