HPE Community
Operating System - HP-UX
1763737 Members
2489 Online
108915 Solutions
New Discussion юеВ

Auditing on HP-UX

 
SOLVED
Go to solution
Dominic_1
Occasional Advisor

тАО04-06-2001 01:45 AM

тАО04-06-2001 01:45 AM

Auditing on HP-UX

I have a few questions that I hope someone will be able to help me with.

1) What is the supported method for auditing HP machines in a NIS environment, does this always require converting to trusted mode and converting to NIS+ with HPUX 11.00?

2) What is the recommended HP migration path for converting to NIS+ in an environment of HPUX 10.20 and 11.0 if 1) is the case

3) Does NIS+ server support standard NIS clients

4) What applications/infrastructure other than NIS are affected by converting to trusted mode (if any)

5) Is it possible to migrate in phases or is it big bang?
0 Kudos
Reply
4 REPLIES 4
Pedro Sousa
Honored Contributor

тАО04-06-2001 02:07 AM

тАО04-06-2001 02:07 AM

Re: Auditing on HP-UX

Hi!
To be true, I only tested it on a MC/SG cluster, and it went fine...
At the time I did not have NIS configured!
Don't you have any test systems where you can do it without problems?

I think (not sure) that converting NIS to NIS+ will bring you some troubles with passwords and services!
I'll try to find some more information.
good luck.
0 Kudos
Reply
Shannon Petry
Honored Contributor

тАО04-06-2001 02:54 AM

тАО04-06-2001 02:54 AM

Solution

Re: Auditing on HP-UX

Well, your not looking for much are ya? Just kidding. Here ya go in order...
1. Auditing requires trusted mode. In trusted mode you can not run NIS or NIS+!
Alternative: Run berkely accounting. While it is not nearly as complete for auditing, it is free, included with all Unices and gives lots of info as well as reporting. There is no NIS or NIS+ restriction!

2. I can not tell you the HP recommended path, but....I would recommend you create a NEW domain and replicate data from the old domain to the new. This will allow testing of the new before migrating which is critical for production environments.

3. NIS+ has a compatibility mode which works MOST OF THE TIME for non-NIS+ clients. Certain maps may not transfer well (auto_master vs. auto.master). Running compatibility mode removes some of the security features for NIS+. If you have to run compatibility mode, I would not recomend that you switch. It is not worth the extra work if you can not use the full feature set of NIS+!

4. You can migrate in phases as long as information does not change. I.E. You will pull the NIS maps for passwd to the NIS+ server. You can get clients connected as you like as long as no ID's change, and noone changes their password!
I would not recommend taking your time as administration would get to be a bummer!


Good luck!
Shannon
Microsoft. When do you want a virus today?
Reply
Steffi Jones_1
Esteemed Contributor

тАО04-06-2001 04:36 AM

тАО04-06-2001 04:36 AM

Re: Auditing on HP-UX

Hello,

just a little info ... NIS+ and trusted system is supported.

For information on converting to and administering trusted systems, refer
to Chapter 12, "Managing System Security" in the manual "HP-UX System
Administration Tasks", HP Part No. B2355-90079.

For information on configuring and administering NIS+, refer to Chapter 4,
"Configuring and Administering NIS+" in the manual "Installing and
Administering NFS Services, HP 9000 Networking, Edition 4", HP Part No.
B1031-90002. Additionally, refer to the nis+(1M) man page.

Refer to ttsyncd(1M) man page for a detailed description of ttsyncd.

Steffi Jones

0 Kudos
Reply
Dominic_1
Occasional Advisor

тАО04-06-2001 08:13 AM

тАО04-06-2001 08:13 AM

Re: Auditing on HP-UX

Thanks,

This is very helpful indeed, just what I needed. If anyone else has any thoughts then keep posting them.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.