Figure 8 - Sample Tool Output (Tiger - verbose mode)

# Performing check of user accounts...
# Checking accounts from /etc/passwd.

--WARN-- [acc001w] Login ID adm is disabled, but still has a valid shell (/bin/sh).

The listed login ID is disabled in some manner ('*' in passwd field, etc), but the login shell for the login ID is a valid shell (from /etc/shells or the system equivalent). A valid shell can potentially enable the login ID to continue to be used. The login shell should be changed to something that doesn't exist, or to something like /bin/false.

--INFO-- [acc002i] Login ID uucp is disabled, and has a shell of /usr/libexec/uucico.

The listed login ID is disabled, but has a potentially valid shell. These can usually be safely ignored.

--WARN-- [acc006w] Login ID smith's home directory (/home/smith) has group 'staff' write access.

The home directory of the listed login ID has group write permission, world write permission or both enabled. This allows new files to be added and existing files potentially removed) by others. The write permissions should be removed.

--ALERT-- [acc007a] Logon ID jones has a non-zero length .hushlogin

The listed login ID has a '.hushlogin' file which is not zero-length. This file is normally a zero length file. This file is frequently used by intruders as a place to store captured passwords. This file should be looked at. If it appears to be such a log file, then the system should be regarded as being compromised. The system should be thoroughly checked and cleaned.