Operating System - HP-UX

Lynda Badger
Occasional Contributor

Locking user accounts

Can you lock an account after 3 attempts on an untrusted system? If so, does someone have an example script?

thanks in advance,
Lynda
curt larson_1
Honored Contributor
Solution

Re: Locking user accounts

don't have a script handy, but can give some direction:

in /etc/profile or elsewhere for csh and cde.

set traps so users can't escape to the shell before doing this

use lastb to get the last bad logins
/usr/bin/lastb -3 ${LOGNAME}

use Mr. Stephenson's calendar script to find the time between now and when the last logins occurred

http://www.hpux.ws/merijn/caljd.sh
http://www.hpux.ws/merijn/caljd.pl

if the bad attempts have happened in a certain amount of time, exit.

They won't be able to login again until a certain amount of time has passed.

to really lock them out (ftp and other things that might use the passwd file) you'll have to do something that will modify the user's entry in the password file, maybe a script run by sudo.
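Added example (not part of the post above or of any script attached to this thread): one way to do the "bad attempts within a certain amount of time" check in plain sh and awk, without the caljd scripts. It assumes each lastb line contains `<Mon> <day> <HH:MM>` with no year; the function name, the 15-minute window and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count failed logins that fall inside a time window.
# Assumption: lastb lines carry "<Mon> <day> <HH:MM>" and no year, so every
# entry is treated as lying within the 365 days before "now" (leap days ignored).

# recent_bad_count NOW_MON NOW_DAY NOW_HHMM WINDOW_MIN   (lastb lines on stdin)
recent_bad_count() {
    awk -v nm="$1" -v nd="$2" -v nt="$3" -v win="$4" '
    function minutes(mon, day, hhmm,    p) {      # minute-of-year
        split(hhmm, p, ":")
        return ((cum[mon] + day - 1) * 24 + p[1]) * 60 + p[2]
    }
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        split("0 31 59 90 120 151 181 212 243 273 304 334", off, " ")
        for (i = 1; i <= n; i++) cum[name[i]] = off[i]
        now = minutes(nm, nd, nt)
    }
    {
        # Locate the timestamp by shape, since the tty/host columns vary.
        for (i = 1; i <= NF - 2; i++) {
            if (($i in cum) && $(i+1) ~ /^[0-9]+$/ && $(i+2) ~ /^[0-9]+:[0-9]+$/) {
                age = now - minutes($i, $(i+1), $(i+2))
                if (age < 0) age += 525600        # entry is from before New Year
                if (age <= win) count++
                break
            }
        }
    }
    END { print count + 0 }'
}

# Constructed sample lastb output (not real log data).
SAMPLE='jdoe  pts/2  Tue Jun  3 10:02
jdoe  pts/2  Tue Jun  3 10:05
jdoe  pts/3  Tue Jun  3 10:07
jdoe  pts/1  Mon Jun  2 23:50'
printf '%s\n' "$SAMPLE" | recent_bad_count Jun 3 10:10 15   # prints 3

# Sketch of the /etc/profile use described above (window of 15 minutes assumed):
#   trap "" 1 2 3
#   set -- $(LC_ALL=C date "+%b %d %H:%M")
#   n=$(/usr/bin/lastb -3 "${LOGNAME}" 2>/dev/null | recent_bad_count "$1" "$2" "$3" 15)
#   [ "$n" -ge 3 ] && { echo "Too many failed logins, try again later."; exit 1; }
```

The check only works if the login shell can read the bad-login log through lastb; where that log is readable by root only, the count has to come from a privileged helper instead.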
Steven E. Protter
Exalted Contributor

Re: Locking user accounts

This script will do it for any user.

see attachment.

Is called check_rootlogin but can easily be tweaked to work with any user.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Lynda Badger
Occasional Contributor

Re: Locking user accounts

Thanks Curt and Steven for your help.
WSS
Frequent Advisor

Re: Locking user accounts


Can someone please tell me where they are putting this script and the syntax for the execution?

Would like to implement this script, so would like to know where it needs to be called from.

Regards,
Trev
Anand Sreenivasan
Regular Advisor

Re: Locking user accounts

These scripts can be set in a common path, which on my servers is /usr/local/bin, with permission 755 and owned by root. This way, only root can edit but anyone can execute it. Hope this helped.
TwoProc
Honored Contributor

Re: Locking user accounts

Lynda, sorry to add to your thread, but:

SEP, are you running that script with Cron? How often? What command did you use to disable the account? I'd like it disabled (for root), but not for the console. I've got some ideas on how to do this, I was interested to hear how you would do it (b/c of your cool headwear).

Thanks,

John
We are the people our parents warned us about --Jimmy Buffett
WSS
Frequent Advisor

Re: Locking user accounts


Anand, Yes of course it needs to reside somewhere on the server, and /usr/local/bin is as good as any ... But it just sits there doing nothing unless something calls it.

Where would this happen? For instance would you put it in each user's .profile? I don't think so as this is not read until a successful login. So what do you need to do to have this script working for each user? Where do you execute it from?

Anyone?

Thanks in advance....
Trev