i have this bash script here that i'm trying to modify to check if there is only one root id, is it vulnerable and currently, this script only checks if there is a duplicate uid and display the users that shares the same uid. Thanks in advance! :)

Bash Script:

#!/bin/bash
/bin/cat /etc/passwd| /bin/cut -f3 -d":" | /bin/sort -n | /usr/bin/uniq-c | while 
read x ; do
  [ -z "${x}" ] && break
  set -$x
  if [ $1 -gt1 ]; then
       users=`/bin/gawk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd| /usr/bin/xargs`
       echo "Duplicate UID ($2): ${users}"
  fi
done

Expected Output:

Audit criteria: There is only one root id

Vulnerability: Yes

Details: See below


root:!:0:0::/:/usr/bin/bash

jdoe:*:0:1:John Doe:/home/jdoe:/usr/bin/bash

You can simplify your script greatly because all you are looking for is user id 0, which is root:

#!/bin/bash
root_count=$(cut -f3 -d":" /etc/passwd | grep -wc 0)
if [[ $root_count > 1 ]]; then
  users=$(awk -F: '($3 == 0) { print $1 }' /etc/passwd | xargs)
  echo "Duplicate roots: ${users}"
fi

You can use awk to find that out:

if ! awk -F: '$3==0{c++}END{exit !(c<2)}' /etc/passwd ; then
    echo "More than one user with uid 0"
fi