In this section, we will describe how to implement some integrity checks to support the finding signs of system manipulation in Linux and similar (for example, BSD) systems.
These checks include the following:
The information about local users in Linux is mostly stored in two files:
/etc/shadow. The latter is optional and all the information about local users—including the hashed password—was originally stored in
/etc/passwd. Soon, it ...