Rahul Singh 21csmsa109


Assignment – System Administration.

NAME – RAHUL SINGH


ENROLL. NO. – GN0506
ROLL NO – 21CSMSA109
Department of Computer science
Q 1.) Explain the difference between Hackers, Crackers and Phreakers
with the help of suitable examples.
Sol-

Hacking
It is a form of planning or a technique that people use to get access to various
unauthorized systems, software, and devices. In simpler words, hacking is the
process of gaining access to a computer or a network that might not be legal or
permitted for any random user. The people who master hacking are very skilled
with computer systems and have a great deal of knowledge about various
software and hardware devices.
The people who have hacking skills are basically of three types:
• Hackers
• Crackers
• Phreakers

Hackers-
These are people who hack devices and systems with good intentions. They
might hack a system for a specified purpose or for obtaining more knowledge
out of it. Hackers work by finding loopholes in a given system and by covering
these loopholes. They are basically programmers who gather extensive
knowledge regarding programming languages and operating systems (OS).
They never intend to harm, compromise, or damage any system data.
Crackers-
These are people who hack a system by breaking into it and violating it with
some bad intentions. They may hack a system remotely for stealing the
contained data or for harming it permanently. In simpler words, crackers
destroy the data and information contained in a system by getting unauthorized
access to its concerned network. They always keep their works hidden because
what they do is illegal and mostly prohibited or forbidden. A cracker can easily
bypass your device’s passwords, company websites, social media, personal
bank details and can use those details for directly transferring money from your
bank.
Phreakers
Phreakers are hackers who specialize in attacks on the telephone system.
Phreakers originally referred to groups who reverse-engineered the system of
tones used to route long-distance calls. Phreakers re-created these tones,
enabling them to switch calls from their phone handset and make free calls
to anywhere in the world. Phreaking essentially ended in 1983 when telephone
companies upgraded their lines to common channel interoffice signaling (CCIS),
which separated signaling from the voice line. Modern phreaking involves
breaking into and manipulating the phone company’s computer system,
making it specialized hacking. Phreaking is distinct from “phone hacking,”
which uses telephone technology to steal information.

Q 2.) Explain different types of attacks against a system. How is a secured
system attacked?
Sol-
1. Operating System Attacks.

Today’s Operating Systems (OS) are loaded with features and are increasingly
complex. While users take advantage of these features, they are prone to more
vulnerabilities, thus enticing attackers. Operating systems run many services
such as graphical user interfaces (GUIs) that support applications and system
tools and enable Internet access. Extensive tweaking is required to lock them
down. Attackers constantly look for OS vulnerabilities that allow them to
exploit and gain access to a target system or network. To stop attackers from
compromising the network, the system or network administrators must keep
abreast of various new exploits and methods adopted by attackers and monitor
the networks regularly.

2. Misconfiguration Attacks.

Security misconfiguration or poorly configured security controls might allow
attackers to gain unauthorized access to the system, compromise files, or
perform other unintended actions. Misconfiguration vulnerabilities affect web
servers, application platforms, databases, networks, or frameworks that may
result in illegal access or possible system takeover. Administrators should
change the default configuration of the devices before deploying them in the
production network. To optimize the configuration of the machine, remove any
unneeded services or software. Automated scanners detect missing patches,
misconfigurations, use of default accounts, unnecessary services, and so on.

3. Application-Level Attacks.

Software developers are often under intense pressure to meet deadlines, which
can mean they do not have sufficient time to completely test their products
before shipping them, leaving undiscovered security holes. This is particularly
troublesome in newer software applications that come with a large number of
features and functionalities, making them more and more complex. An increase
in the complexity means more opportunities for vulnerabilities. Attackers find
and exploit these vulnerabilities in the applications using different tools and
techniques to gain unauthorized access and steal or manipulate data.

4. Shrink-Wrap Code Attacks.

Software developers often use free libraries and code licensed from other
sources in their programs to reduce development time and cost. This means that
large portions of many pieces of software will be the same, and if an attacker
discovers vulnerabilities in that code, many pieces of software are at risk.
5. Man-in-the-middle (MitM) attack.

A MitM attack occurs when a hacker inserts themselves between the
communications of a client and a server. Here are some common types of
man-in-the-middle attacks:
• Session hijacking
• IP Spoofing
• Replay

6. Phishing and spear phishing attacks.

A phishing attack is the practice of sending emails that appear to be from
trusted sources with the goal of gaining personal information or influencing
users to do something. It combines social engineering and technical trickery. It
could involve an attachment to an email that loads malware onto your computer.
It could even be a link to an illegitimate website which will trick you into
downloading malware or handing over your personal information.

7. Drive-by attack.

Drive-by download attacks are a common method of spreading malware.
Hackers search for insecure websites and plant a malicious script into HTTP or
PHP code on one of the pages. This script might install malware directly
onto the computer of someone who visits the site, or it might redirect the
victim to a site controlled by the hackers. Drive-by downloads can happen when
visiting a website or viewing an email message or a pop-up window. Unlike many
other types of cyber security attacks, a drive-by doesn’t rely on a user to do
anything to actively enable the attack: you don’t need to click a download
button or open a malicious email attachment to become infected. A drive-by
download can take advantage of an app, operating system or web browser that
contains
Q 3.) Identify different types of risks to a computer system, Explain each of
them.
Sol-
A computer security risk is really anything on your computer that may damage
or steal your data or allow someone else to access your computer, without your
knowledge or consent. There are a lot of different things that can create a
computer risk, including malware, a general term used to describe many types
of bad software. We commonly think of computer viruses, but there are several
types of bad software that can create a computer security risk, including viruses,
worms, ransomware, spyware, and Trojan horses. Misconfiguration of computer
products, as well as unsafe computing habits, also pose risks.
1. Ransomware

This is a form of malware (malicious software) that attempts to encrypt
(scramble) your data and then extort a ransom to release an unlock code. Most
ransomware is delivered via malicious emails. Follow these key steps to protect
your company.
• Staff awareness: staff should be wary of unsolicited emails, particularly those
that ask for a prompt response.
• Malware protection: install and maintain good anti-virus and malware
protection software.
• Software updates: keep your applications up to date.
• Data backups: a series of well managed data backups will allow you to recover
from an unencrypted version of a file. Make sure you regularly test your
backups.
2. Phishing

Phishing is an attempt to gain sensitive information while posing as a
trustworthy contact, for example a bank or online service. Spear phishing is a
highly targeted attempt to gain information from an individual. Phishing emails
may look completely convincing, often with faultless wording and genuine
logos. A form of spear phishing in which a fake email from a CEO pressures a
CFO into making an urgent payment has become known as whaling. It is worth
considering ways to add additional safeguards to protect the identity of CEOs
and CFOs to prevent impersonation. Here are a few steps you can use to protect
yourself.
• Keep in mind that companies simply do not ask for sensitive information.
• Be suspicious of unexpected emails.
• Make use of anti-malware software.
• Make sure you have spam filters turned on. Check them regularly in case they
have accidentally trapped an innocent email.
3. Data leakage
While cyber security in the office may seem challenging, it is essential to
understand that security extends well beyond the office these days. The use of
smart phones and tablets has become widespread. The ubiquitous and cheap
nature of portable storage devices makes them a useful tool for the backup and
transportation of data. Those features mean they are also a target for data
thieves. The following pointers provide useful first steps to prevent data leaking
from your organisation.
• Ensure mobile devices have passcode locks.
• Turn on the tracking by GPS and the option to remotely wipe the device if it is
lost.
• The use of encryption software is highly recommended when using portable
storage devices.
• Keep an eye on your mobile devices and paperwork at all times. A large
proportion of crime is opportunistic, taking your eye off your briefcase or smart
device could result in a serious loss of data.
4. Hacking

Gaining access to IT systems from outside an organisation still offers rich
pickings for criminals. Traditionally they have attempted to gain access to bank
account information or credit card databases. However, intellectual property is
another source of value. The use of social engineering, tricking staff into
revealing user names and passwords, remains a threat.
• The primary methods to protect yourself from hacking are network firewalls,
data access security, procedures for providing and removing access, and user
awareness and training.
5. Insider threat

If your organisation employs staff (full time or as contractors), there is a
possibility they could leak data by mistake or maliciously. The potential damage
from a leak of documents cannot be underestimated. Use these tips to mitigate
the size of any data leak.
• Educate your team to be alert to issues and minimise careless mistakes.
• Limit how much data staff has access to. The principle of ‘least privilege
access’ should apply to all IT systems. Only provide staff with the minimum
access they need to do their roles.
• Control the use of portable storage devices, such as USB memory keys,
portable hard drives and media players.
• Consider using applications in certain situations to monitor staff behaviour −
who copies what.
Q 4.) Explain with the help of suitable examples Linux file level security.
Sol-

File Security
Access rights: Linux's first line of defence
The Linux security model is based on the one used on UNIX systems and is as
rigid as the UNIX security model (and sometimes even more), which is already
quite robust. On a Linux system, every file is owned by a user and a group.
There is also a third category of users, those that are not the user owner and
don't belong to the group owning the file. For each category of users, read, write
and execute permissions can be granted or denied.
The ls -l command displays file permissions for these three user categories; they
are indicated by the nine characters that follow the first character, which is the
file type indicator at the beginning of the file properties line. As seen in the
examples below, the first three characters in this series of nine display access
rights for the actual user that owns the file. The next three are for the group
owner of the file, the last three for other users. The permissions are always in
the same order: read, write, execute for the user, the group and the others. Some
examples:
rahul:~> ls -l To_Do
-rw-rw-r-- 1 rahul users 5 Jan 15 12:39 To_Do
rahul:~> ls -l /bin/ls
-rwxr-xr-x 1 root root 45948 Aug 9 15:01 /bin/ls*
The first file is a regular file (first dash). Users with user name rahul or users
belonging to the group users can read and write (change/move/delete) the file,
but they can't execute it (second and third dash). All other users are only
allowed to read this file, but they can't write or execute it (fourth and fifth dash).
The second example is an executable file, the difference: everybody can run this
program, but you need to be root to change it.
The Info pages explain how the ls command handles display of access rights in
detail, see the section What information is listed.
For easy use with commands, both access rights or modes and user groups have
a code. See the tables below.
Access mode codes

Code     Meaning
0 or -   The access right that is supposed to be on this place is not granted.
4 or r   Read access is granted to the user category defined in this place.
2 or w   Write permission is granted to the user category defined in this place.
1 or x   Execute permission is granted to the user category defined in this place.

User group codes

Code   Meaning
u      user permissions
g      group permissions
o      permissions for others

This straight forward scheme is applied very strictly, which allows a high level
of security even without network security. Among other functions, the security
scheme takes care of user access to programs, it can serve files on a need-to-
know basis and protect sensitive data such as home directories and system
configuration files.
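
The access mode codes above can be applied mechanically. The following shell script is an added example, not part of the original assignment: it converts the mode string printed by ls -l into the octal form used by chmod and flags entries that others can write to. The function names and the third sample line (notes.txt) are constructed for illustration.

```shell
#!/bin/sh
# Added example: work with the nine permission characters that ls -l prints,
# using the codes r=4, w=2, x=1 and -=0 from the table above.

# mode_to_octal MODE: print the three-digit octal form of an ls -l mode string.
# Setuid/setgid/sticky letters (s, t) are counted as execute; the extra
# leading digit that chmod uses for those bits is not emitted.
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        perms = substr($0, 2, 9)            # drop the file type indicator
        out = ""
        for (i = 1; i <= 9; i += 3) {       # user, group, others
            d = 0
            if (substr(perms, i,     1) == "r")     d += 4
            if (substr(perms, i + 1, 1) == "w")     d += 2
            if (substr(perms, i + 2, 1) ~ /[xst]/)  d += 1
            out = out d
        }
        print out
    }'
}

# flag_world_writable: read ls -l lines on stdin and print the name of every
# entry whose "others" triplet grants write access (character 9 of the mode).
# Assumes file names without spaces, so the name is the last field.
flag_world_writable() {
    awk 'substr($1, 9, 1) == "w" { print $NF }'
}

# Constructed listing: the first two lines are the examples from the text,
# the third is a made-up world-writable file.
sample_listing() {
    cat <<'EOF'
-rw-rw-r-- 1 rahul users 5 Jan 15 12:39 To_Do
-rwxr-xr-x 1 root root 45948 Aug 9 15:01 /bin/ls
-rw-rw-rw- 1 rahul users 120 Jan 16 09:10 notes.txt
EOF
}

# Print "octal name" for each sample entry, then the world-writable ones.
sample_listing | while read -r mode links owner group size mon day time name; do
    printf '%s %s\n' "$(mode_to_octal "$mode")" "$name"
done
echo "world-writable:"
sample_listing | flag_world_writable
```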
You should know what your user name is. If you don't, it can be displayed using
the id command, which also displays the default group you belong to and
eventually other groups of which you are a member:
rahul:~> id
uid=504(rahul) gid=504(rahul) groups=504(rahul),100(users),2051(org)
Your user name is also stored in the environment variable USER:
rahul:~> echo $USER
rahul
Q 5.) Discuss various Linux/Unix security principles.
Sol-
It is still common that people do not know where to start when it comes to
information security. With 5 basic principles we can improve the Linux system
security and question ourselves if we have done enough.
1. Know your system(s)

The first principle is about knowing what your system is supposed to do. What
is its primary role, what software packages does it need and who needs access?
By knowing the role of the system you can better defend it against known and
unknown threats.
Security Measures:
• Password policy
• Proper software patch management
• Configuration management
• Documentation

2. Least Amount of Privilege


Each process running, or package installed, might become a target. Security
professionals call this the “attack surface”. What you want is to minimize this
attack surface by removing unneeded components, limiting access and by default
using a “deny unless” strategy. The latter means that access is blocked by
default, unless you allow it (whitelisting).
Security Measures:
• Use minimal/basic installation
• Only allow access to people who really need it

3. Perform Defense in Depth

Protect the system by applying several layers of security. This principle is
named “defense in depth” and can be compared with an onion: to get to the
core, you have to peel off layer by layer. If one defense is broken, the
remaining layers might still protect us against full compromise.
Security Measures:
• IPtables / Nftables
• Hardening of software components

4. Protection is Key, Detection is a Must

Security focuses on the protection of assets. While this is a primary objective,
we should consider that one day our defenses are broken. Therefore we want to
know this as soon as possible, so we can properly act. This is where principles
3 and 4 are linked. Set up proper detection methods, similar to the trip wires
used by the military.
Security Measures:
• Linux audit framework
• Remote Logging
• Create backups and test them

5. Know your Enemy

You can only protect a system the right way, if you know what threats you are
facing. Why would this system be a target and who would be targeting it?
Perform a risk analysis and determine what potential threats your system
might endure.
Security Measures:
• Vulnerability scans
• Penetration tests
• Risk analysis

Q 6.) What do you understand by system security holes? How can they be
plugged?
Sol-
A system security hole is a flaw or weakness in system security procedures,
design, implementation, or internal controls that could be exercised
(accidentally triggered or intentionally exploited) and result in a security breach
or a violation of the system's security policy. Alternatively referred to as a
security hole, a vulnerability is a security weakness in a computer system that
permits unauthorized or unwelcome access. For example, an Internet browser
could have a vulnerability that crashes the browser or grants someone else
access to files on your computer when you visit their site.
When a vulnerability is detected in software, its developer must update or patch
the insecure code. However, if the program is no longer supported by the
developer, it cannot get fixed and remains vulnerable. If the vulnerability is with
a network, it would be up to the network administrator to correct it.

To plug system security holes, the following things can be done:

Identify Existing Threats and Vulnerabilities: Identifying and addressing
vulnerabilities will become more difficult as the number of devices and
cloud-based applications on defense networks proliferates. Although
government IT managers have gotten a handle on bring-your-own-device
issues, undetected devices are still used on DoD networks. Scanning for
applications and devices outside the control of IT is the first step toward
plugging potential security holes. Apps like Dropbox and Google Drive may
be great for productivity, but they could also expose the agency to risk if
they’re not security hardened. The next step is to scan for hard-to-find
vulnerabilities. The OIG report called out the need to improve “information
protection processes and procedures.” Most vulnerabilities occur when
configuration changes aren’t properly managed. Automatically scanning for
configuration changes and regularly testing for vulnerabilities can help
ensure employees follow the proper protocols and increase the department’s
security posture.

Implement Continuous Monitoring, Both On-Premises and in the Cloud:
While the OIG report specifically stated the DoD must continue to
proactively monitor its networks, those networks are becoming increasingly
dispersed. It’s no longer only about keeping an eye on in-house applications;
it’s equally as important to be able to spot potential vulnerabilities in the
cloud. DoD IT managers should go beyond traditional network monitoring
and look more deeply into the cloud services they use. The ability to see the
entire network, including destinations in the cloud, is critically important,
especially as the DoD becomes more reliant on hosted service providers.

Establish Ongoing User Training and Education Programs: A well-trained
user can be the best protection against vulnerabilities, making it important
for the DoD to implement a regular training cadence for its employees.
Training shouldn’t be relegated to the IT team alone. A recent study
indicates insider threats pose some of the greatest risk to government
networks. As such, all employees should be trained on the agency’s policies
and procedures and encouraged to follow best practices to mitigate potential
threats. The National Institute of Standards and Technology provides an
excellent guide on how to implement an effective security training program

Lock the machines to limit the access: If you have a janitorial staff or a
rented facility shared with another company, you should lock your systems to
prevent
unauthorized access. In 2000, a news report said that hard drives containing
nuclear secrets were stolen from the Los Alamos National Laboratory. Like
many other companies, you can get an internal access system which notifies
you when the machine is open by ringing an alarm. Another way to limit the
access is to buy systems having internal jumper pins. These pins can be
shorted to reset the settings as per requirement. Companies must make it a
policy that any employee, when leaving his desk, must lock the system. Most
corporate espionage is done when someone away from the work area has left
confidential documents unsecured on the system.

Encrypt the data: Encrypt your data to prevent your transactions from being
sniffed. Maximum keys should be applied to the individual values of a
message before scrambling them. A 40 or 56-bit encryption is usually
considered weak. Pretty Good Privacy (PGP) is a software encryption
program that is freely available on the net.

Q 7.) With reference to AWK, explain different types of selections.
Sol-

Different types of selections in AWK are:


Selection by Comparison
This program uses a comparison pattern to select the records of employees who
earn $5.00 or more per hour, that is, lines in which the second field is greater
than or equal to 5:
$2 >= 5
It selects these lines from emp.data:
Mark 5.00 20
Mary 5.50 22
Selection by Computation
The program
$2 * $3 > 50 { printf("$%.2f for %s\n", $2 * $3, $1) }
prints the pay of those employees whose total pay exceeds $50:
$100.00 for Mark
$121.00 for Mary
$76.50 for Susie
Selection by Text Content
Besides numeric tests, you can select input lines that contain specific words
or phrases. This program prints all lines in which the first field is Susie:
$1 == "Susie"
The operator == tests for equality. You can also look for text containing any
of a set of letters, words, and phrases by using patterns called regular
expressions. This program prints all lines that contain Susie anywhere:
/Susie/
The output is this line:
Susie 4.25 18
REFERENCE TABLE (emp.data)

Beth 4.00 0
Dan 3.75 0
Kathy 4.00 10
Mark 5.00 20
Mary 5.50 22
Susie 4.25 18

Q 8.) Explain the concept of regular expressions and meta characters in
AWK with the help of a suitable example.
Sol-
Regular Expression-
A regular expression, or regexp, is a way of describing a set of strings. Because
regular expressions are such a fundamental part of awk programming, their
format and use deserve a separate chapter.
A regular expression enclosed in slashes (`/') is an awk pattern that matches
every input record whose text belongs to that set.
The simplest regular expression is a sequence of letters, numbers, or both. Such
a regexp matches any string that contains that sequence. Thus, the regexp `foo'
matches any string containing `foo'. Therefore, the pattern /foo/ matches any
input record containing the three characters `foo', anywhere in the record.
A regular expression can be used as a pattern by enclosing it in slashes. Then
the regular expression is tested against the entire text of each record. (Normally,
it only needs to match some part of the text in order to succeed.) For example,
this prints the second field of each record that contains the three characters `foo'
anywhere in it:
$ awk '/foo/ { print $2 }' BBS-list
-| 555-1234
-| 555-6699
-| 555-6480
-| 555-2127
Regular expressions can also be used in matching expressions. These
expressions allow you to specify the string to match against; it need not be the
entire current input record. The two operators, `~' and `!~', perform regular
expression comparisons. Expressions using these operators can be used as
patterns or in if, while, for, and do statements.
exp ~ /regexp/
This is true if the expression exp (taken as a string) is matched by regexp. The
following example matches, or selects, all input records with the upper-case
letter `J' somewhere in the first field:
$ awk '$1 ~ /J/' inventory-shipped

-| Jan 13 25 15 115
-| Jun 31 42 75 492
-| Jul 24 34 67 436
-| Jan 21 36 64 620
So does this:
awk '{ if ($1 ~ /J/) print }' inventory-shipped

exp !~ /regexp/

This is true if the expression exp (taken as a character string) is not matched by
regexp. The following example matches, or selects, all input records whose first
field does not contain the upper-case letter `J':
$ awk '$1 !~ /J/' inventory-shipped
-| Feb 15 32 24 226
-| Mar 15 24 34 228
-| Apr 31 52 63 420
-| May 16 34 29 208
...
When a regexp is written enclosed in slashes, like /foo/, we call it a regexp
constant, much like 5.27 is a numeric constant, and "foo" is a string constant.
Regular expressions are made of:
• Ordinary characters such as space, underscore (_), A-Z, a-z, 0-9.
• Meta characters that are expanded to ordinary characters; they include:
  • (.) matches any single character except a newline.
  • (*) matches zero or more occurrences of the character immediately
    preceding it.
  • [ character(s) ] matches any one of the characters specified in
    character(s); one can also use a hyphen (-) to mean a range of characters
    such as [a-f], [1-5], and so on.
  • ^ matches the beginning of a line in a file.
  • $ matches the end of a line in a file.
  • \ is an escape character.

Q 9.) Explain how user defined functions are written in AWK, write a
function to compute factorial of a number.
Sol-
Functions are basic building blocks of a program. AWK allows us to define our
own functions. A large program can be divided into functions and each function
can be written/tested independently. It provides re-usability of code.
Given below is the general format of a user-defined function –
Syntax:
function function_name(argument1, argument2, ...)
{
    function body
}
In this syntax, the function_name is the name of the user-defined function.
Function name should begin with a letter and the rest of the characters can be
any combination of numbers, alphabetic characters, or underscore. AWK's
reserve words cannot be used as function names.
Functions can accept multiple arguments separated by comma. Arguments are
not mandatory. You can also create a user-defined function without any
argument.
function body consists of one or more AWK statements.

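Function to find the factorial of a given number:

# BEGIN and its opening brace must be on the same line.
BEGIN { main() }

function main()
{ facto(); }

# Reads a number from standard input and prints its factorial.
function facto()
{
    printf("\n Enter The Number: ");
    getline n;
    fact = 1;
    for (i = n; i > 1; i--)
        fact = fact * i;
    printf("\nFactorial of %d is %d\n", n, fact);
}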

Q 10.) Explain the difference between shadow password file and normal
password file in Linux. Give the structure of both the files.
Sol-
NORMAL PASSWORD-
Traditional Unix systems keep user account information, including one-way
hashed passwords, in a text file called /etc/passwd. As this file is used by many
tools (such as ls) to display file ownerships, etc. by matching user id #'s with the
user's names, the file needs to be world-readable. Consequently, this can be
somewhat of a security risk.

STRUCTURE OF NORMAL PASSWORD—


Understanding /etc/passwd file fields
The /etc/passwd contains one entry per line for each user (user account) of the
system. All fields are separated by a colon (:) symbol. Total of seven fields as
follows. Generally, /etc/passwd file entry looks as follows:
[Figure: /etc/passwd file format]

From the above image:

1. user name: It is used when the user logs in. It should be between 1 and 32
characters in length.
2. password: An x character indicates that the encrypted password is stored in
the /etc/shadow file. Please note that you need to use the passwd command to
compute the hash of a password typed at the CLI or to store/update the hash of
the password in the /etc/shadow file.
3. user id: Each user must be assigned a user ID (UID). UID 0 (zero) is
reserved for root and UIDs 1-99 are reserved for other predefined accounts.
Further, UIDs 100-999 are reserved by the system for administrative and system
accounts/groups.
4. group id: The primary group ID (stored in the /etc/group file).
5. userid info: The comment field. It allows you to add extra information about
the users such as the user’s full name, phone number etc. This field is used by
the finger command.
6. home directory: The absolute path to the directory the user will be in when
they log in. If this directory does not exist then the user's directory
becomes /.
7. command/shell: The absolute path of a command or shell (/bin/bash).
Typically, this is a shell. Please note that it does not have to be a shell. For
example, a sysadmin can use the nologin shell, which acts as
a replacement shell for the user accounts. If the shell is set to /sbin/nologin
and the user tries to log in to the Linux system directly, the /sbin/nologin
shell closes the connection.
SHADOW PASSWORD--
Another method of storing account information, is with the shadow password
format. As with the traditional method, this method stores account information
in the /etc/passwd file in a compatible format. However, the password is stored
as a single "x" character (i.e. not actually stored in this file). A second file, called
/etc/shadow, contains encrypted password as well as other information such as
account or password expiration values, etc. The /etc/shadow file is readable
only by the root account and is therefore less of a security risk.

STRUCTURE OF SHADOW PASSWORD-


Basically, the /etc/shadow file stores secure user account information. All fields
are separated by a colon (:) symbol. It contains one entry per line for each user
listed in /etc/passwd file. Generally, shadow file entry looks as follows:

[Figure: /etc/shadow file format]


As with the /etc/passwd, each field in the shadow file is also separated with “:”
colon characters as follows:
1. Username : A valid account name, which exists on the system.
2. Password : Your encrypted password is in hash format. The password should
be minimum 15-20 characters long including special characters, digits, lower
case alphabetic and more. Usually the password format is set to
$id$salt$hashed. The $id is the algorithm used on GNU/Linux, as follows:
1. $1$ is MD5
2. $2a$ is Blowfish
3. $2y$ is Blowfish
4. $5$ is SHA-256
5. $6$ is SHA-512

3. Last password change (lastchanged) : The date of the last password change,
expressed as the number of days since Jan 1, 1970 (Unix time). The value 0 has
a special meaning, which is that the user should change her password the next
time she will log in the system. An empty field means that password aging
features are disabled.
4. Minimum : The minimum number of days required between password
changes i.e. the number of days left before the user is allowed to change her
password again. An empty field and value 0 mean that there is no minimum
password age.
5. Maximum : The maximum number of days the password is valid, after that
user is forced to change her password again.
6. Warn : The number of days before password is to expire that user is warned
that his/her password must be changed
7. Inactive : The number of days after password expires that account is
disabled.
8. Expire : The date of expiration of the account, expressed as the number of
days since Jan 1, 1970.
The last 6 fields provide password aging and account lockout features. You
need to use the chage command to set up password aging. According to the man
page of shadow, the password field must be filled. The encrypted password
hash consists of 13 to 24 characters from the 64 character alphabet a through z,
A through Z, 0 through 9, . and /. Optionally it can start with a “$” character.
This means the encrypted password was generated using another (not DES)
algorithm. For example, if it starts with “$1$” it means the MD5-based
algorithm was used. A password field which starts with an exclamation mark (!)
means that the password is locked. The remaining characters on the line
represent the password field before the password was locked.
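
The field layouts described above are what an administrator checks when auditing accounts. The following shell/AWK script is an added example, not part of the original assignment: it reads passwd-format and shadow-format lines, reports the hash algorithm from the $id prefix, and flags empty, DES and MD5 password fields, extra UID 0 accounts and passwords kept in /etc/passwd itself. The function names and all sample accounts and hash strings are constructed; treating a field made up only of ! or * as "no login" is an assumption based on common shadow usage.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format lines with awk.

# Constructed sample data (not real accounts; hash strings are dummies).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
rahul:x:504:504:Rahul Singh:/home/rahul:/bin/bash
backup:x:0:34:backup:/var/backups:/bin/sh
daemon:x:2:2:daemon:/sbin:/sbin/nologin
legacy:aaBBccDDeeFFg:1001:1001::/home/legacy:/bin/sh
EOF
}

sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
rahul:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
backup:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
}

# passwd_report: print "user finding" for accounts that share UID 0 with root
# or whose password field is not shadowed (anything other than x, * or !).
passwd_report() {
    awk -F: '
    $3 == 0 && $1 != "root"              { print $1, "extra-uid0" }
    $2 != "x" && $2 != "*" && $2 != "!"  { print $1, "not-shadowed" }'
}

# shadow_report: print "user state algorithm risk" for each shadow line.
shadow_report() {
    awk -F: '
    # Map the $id prefix to the algorithm names listed in the text.
    function algo(h,   parts) {
        if (substr(h, 1, 1) != "$") return "DES"   # no $id$ prefix
        split(h, parts, /[$]/)      # "$6$salt$hash" -> "", "6", "salt", "hash"
        if (parts[2] == "1")  return "MD5"
        if (parts[2] == "2a" || parts[2] == "2y") return "Blowfish"
        if (parts[2] == "5")  return "SHA-256"
        if (parts[2] == "6")  return "SHA-512"
        return "OTHER"
    }
    {
        h = $2; state = "active"
        if (h == "") {
            a = "EMPTY"                      # no password required at all
        } else if (h ~ /^[!*]+$/) {
            a = "NONE"; state = "nologin"    # placeholder, no usable hash
        } else {
            if (sub(/^!+/, "", h)) state = "locked"   # hash kept after the !
            a = algo(h)
        }
        risk = (a == "EMPTY" || a == "MD5" || a == "DES") ? "WEAK" : "ok"
        print $1, state, a, risk
    }'
}

# Run both reports on the constructed samples.
sample_passwd | passwd_report
sample_shadow | shadow_report
```

On a live system the same functions can be fed the real files, for example `passwd_report < /etc/passwd`; reading /etc/shadow requires root.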
