https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456851#M12773 Hi,<BR /><BR />to have full information about ftp sessions edit the /etc/inetd.conf:<BR />Change the line:<BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l<BR />TO:<BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -v<BR />Now reinitialize inetd with: inetd -c<BR />After this you get all ftp commands and files logged in /var/adm/syslog/syslog.log<BR /><BR />Regards Tue, 24 Oct 2000 05:47:09 GMT Andreas Voss 2000-10-24T05:47:09Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456848#M12770 Hi,<BR /><BR />Is there a way to prevent the password file being copied or ftp ? <BR /><BR />If not possible, is there a way to trap who has ftp or copied this file and get notify ?<BR /><BR />Any advise is apprecaited.<BR /><BR /><BR />Rgds,<BR />YC Tue, 24 Oct 2000 01:00:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456848#M12770 yc_2 2000-10-24T01:00:37Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456849#M12771 Hi,<BR />You could use tsconvert to convert the system to a trusted system and the passwords are moved to a TCB area.<BR />This will also enable other features as password lifetime etc.<BR /> Tue, 24 Oct 2000 01:08:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456849#M12771 Vinit Adya 2000-10-24T01:08:46Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456850#M12772 Leong: <BR />I completely agree with Adya. You need to make the system a Trusted System to prevent users to read the /etc/passwd file. Once the System is converted to a trusted system a protected password database at /tcb/files/auth gets created and a a "*" <BR />replaces the password field in /etc/passwd.<BR />For a detailed information on adminstering trusted system, here is the URL.<BR /><BR /><A href="http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-90121&amp;service=hpux&amp;path=../B2355-90121/00/00/1&amp;title=Administering%20Your%20HP-UX%20Trusted%20System" target="_blank">http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-90121&amp;service=hpux&amp;path=../B2355-90121/00/00/1&amp;title=Administering%20Your%20HP-UX%20Trusted%20System</A><BR /><BR />Enjoy !<BR />......Madhu Tue, 24 Oct 2000 04:11:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456850#M12772 Madhu Sudhan_1 2000-10-24T04:11:31Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456851#M12773 Hi,<BR /><BR />to have full information about ftp sessions edit the /etc/inetd.conf:<BR />Change the line:<BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l<BR />TO:<BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -v<BR />Now reinitialize inetd with: inetd -c<BR />After this you get all ftp commands and files logged in /var/adm/syslog/syslog.log<BR /><BR />Regards Tue, 24 Oct 2000 05:47:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456851#M12773 Andreas Voss 2000-10-24T05:47:09Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456852#M12774 Hi Andreas,<BR /><BR />Thanks for your advise. <BR /><BR />Is there a way to know what files being down loaded because the syslog.log only capture the ftp login name but not the name of the files that being down loaded.<BR /><BR /><BR /><BR />Rgds,<BR />YC Tue, 24 Oct 2000 07:20:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456852#M12774 yc_2 2000-10-24T07:20:57Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456853#M12775 Hi,<BR /><BR />if you have added the -v option in /etc/inetd.conf at ftp line and reinitialized inetd with inetd -c you get a complete list what a user has done in a ftp session, looks like:<BR />Oct 24 09:28:33 hpk2202 ftpd[7175]: connection from PC203 at Tue Oct 24 09:28:33 2000<BR />Oct 24 09:28:33 hpk2202 ftpd[7175]: FTP LOGIN FROM PC203, voss<BR />Oct 24 09:28:33 hpk2202 ftpd[7175]: FTP: cwd /baan/FT/RETRIEVAL<BR />Oct 24 09:28:33 hpk2202 ftpd[7175]: PORT<BR />Oct 24 09:28:33 hpk2202 ftpd[7175]: FTP: retrieve ftp.out<BR />Oct 24 09:28:34 hpk2202 ftpd[7175]: FTP: delete ftp.out<BR />Oct 24 09:28:34 hpk2202 ftpd[7175]: User voss logged out<BR /><BR />As you can see the user changed to dir /baan/FT/RETRIEVAL (cwd), copied the file ftp.out (retrieve) and finally removed that file (delete).<BR /><BR />Regards Tue, 24 Oct 2000 07:34:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456853#M12775 Andreas Voss 2000-10-24T07:34:01Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456854#M12776 Hi Andreas,<BR /><BR />It works in ver 10.20 but not in 11.00. Does it required any patches ? Tue, 24 Oct 2000 08:10:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456854#M12776 yc_2 2000-10-24T08:10:16Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456855#M12777 Hi,<BR /><BR />on HP-UX 11.00 use instead -l -L:<BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -L -v<BR /><BR />Regards Tue, 24 Oct 2000 08:18:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456855#M12777 Andreas Voss 2000-10-24T08:18:04Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456856#M12778 Leong,<BR /><BR />At HP-UX 11, a new version of ftp was released, which includes a config file called /etc/ftpd/ftpaccess that allows you to both deny ftp access to /etc/passwd and log all files uploaded and downloaded from your server. Here's what you need to do:<BR /><BR />1) Add a "-a" to the end of the ftp line in /etc/inetd.conf.<BR /><BR />2) Force inetd to re-read it's config file: inetd -c<BR /><BR />3) Create the /etc/ftpd/ftpaccess file with the following lines:<BR /><BR />class everyone real,guest,anonymous *<BR />noretrieve /etc/passwd<BR />log transfers anonymous,guest,real inbound,outbound<BR />log commands anonymous,guest,real <BR /><BR />This will keep a log of all commands and files accessed via ftp. The commands are logged in /var/adm/syslog/syslog.log, and the files, I think, are logged in /var/adm/syslog/xferlog.<BR /><BR />There is much more you can do in ftpaccess. For more information, see the man page for ftpaccess and ftpd. Also take a look at the sample ftpaccess file in /usr/newconfig/etc/ftpd/ftpaccess.<BR /><BR />Hope that helps!<BR /><BR /><BR /><BR />both of the Wed, 25 Oct 2000 21:35:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-passwd-file-from-being-copy/m-p/2456856#M12778 Darren Miller 2000-10-25T21:35:51Z