Accounts
___Have you ever created an account?
___--A non-user account?
___Have you ever deleted an account?
___--Restored a deleted account?
___--Should you not have deleted it?
___Have you ever detected a security breach (break in, root compromise, or some such)?
___--Did you track down the jerk who did it?
___--Did you identify him/her?
___--Did you sick the FBI on him/her?
___--Did you get a conviction?
___--Did the perpetrator kill him/herself in jail out of remorse?
___Have you ever threatened to kill someone's account if they ask another stupid question?
___--Did you?
___Have you ever noticed that some 'remove_user' shell scripts clean up by removing the user's home directory?
___--Did you notice this before you removed a system account whose home directory is '/'?
___Do you keep more than one account for personal use?
___Do you have accounts on alien networks (not administered by you) for "debugging" purposes?
___--Do you not allow them on your own system?
___Do you grant "guest" accounts to your friends?
___--Does the number of guests ever exceed the number of legitimate users?
___Have you ever had an account on a machine on the ARPANET?
___--BITNET?
___--MILNET (only if you don't work in the military)?
___--Do they still work?
___--Can you prove it?
___Do you have a user named "ingres"?
___--Have you caught people logged in from remote sites into that account?
Passwords
___Do your accounts have passwords?
___--All of them?
___Do you run Crack on passwords?
___--Does it take longer than a week?
___----Even though it checks only recently changed passwords?
___Have you ever used any of the following passwords (case insensitive):
• abcdef
• 123456
• qwerty
• xyzzy
• M1PQ
• password
___--Were these used as root passwords?
___--More than once?
___Do you have a different root pasword than your own password?
___--Is it crack-able?
___Have you ever forgotten your root password?
___--Did it matter?
___Do you have multiple uid-0 accounts on your system?
___--Do any of them have no password?
___--Do any of them have no password and a standard shell?
___Do you have equivalenced hosts (.rhosts, hosts.equiv)?
___--Did you check user verifications?
___Do you use shadow passwords?
___--Does your system officially support it?
___Do you have passworded groups?
___Do you have any padded-password systems installed?
___--Are they used?
___Do you silently change users' passwords?
___--More than once per week?
___Do you trust someone else with the root password while you're on vacation?
___Do all dial-up IP users use the same dial-up IP account?
___--Without security handshaking?