Listing 3 Checking /etc/passwd file for root back doors
#!/usr/bin/ksh
#Name: passwd.chk
#Written by Rhonda Thorne
#Date 04/98
#This script is to check the /etc/passwd file for duplicate root UID
#entries (root back doors)
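# Count the accounts in /etc/passwd whose UID (third colon-separated field)
# is 0. Testing the UID field alone counts an extra UID-0 account whatever
# its GID, and the numeric comparison also catches spellings such as "00".
# Only the local /etc/passwd is examined; accounts served by a directory
# service are outside the scope of this check.
count=$(awk -F: '$3 == 0 { n++ } END { print n + 0 }' /etc/passwd)

# More than one UID-0 entry means some account besides root has root
# privileges: page the administrators with today's su-to-root activity.
if [ "${count:-0}" -gt 1 ]
then
    # The report is piped straight to mailx rather than staged in a
    # fixed-name file under /tmp. This job normally runs as root, and a
    # predictable path in a world-writable directory could be pre-created
    # (for example as a symlink) by another local user.
    {
        echo "Passwd file has a root back door. INVESTIGATE!"
        echo "Here is the su to root list"
        # sulog lines carry the date as MM/DD and the target as "-root".
        grep "$(date +%m/%d)" /var/adm/sulog | grep -e "-root"
    } | mailx sysadmin-page
fi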