I run daily audits of a Solaris OS Configuration component. Part
of the component is the /etc/shadow file. I don't want
the audit to fail when a user changes their password.
Therefore, is it possible to have the audit ignore the second
( encrypted password ) field of the /etc/shadow file ?
FYI. I ended up deleting /etc/shadow from my
template . I created an
extended object called etc_shadow_no_pass by using
the cut command to give me all the /etc/shadow fields except
field 2 ( encrpted password ) . Then, I added the
etc_shadow_no_pass extended object
to my existing template. Now I Snapshot and audit that template.