In UNIX/Linux the information about users is kept in the /etc/passwd file. Each line represents a user. The fields in each line are as follows: username, password,UID,GID,Gecos,home directory,shell Today the passwords are usually kept separately hence in this file you will only see an x in the second field.
When someone breaks in to a UNIX/Linux machine she might try to setup a user with UID 0 in order to gain root (superuser) access to the machine. Please check the following file and print a message if there is a user with 0 as UID which is NOT the root user.
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync cracker:x:0:99:games:/usr/games:/bin/sh games:x:5:60:games:/usr/games:/bin/sh