topic Re: security trusted systems in Operating System - HP-UX

security trusted systems

Adam Noble — Mon, 23 Feb 2004 11:04:39 GMT

I have two systems both of them trusted and both appear to have max login retries set to 3. What I can't understand is that on what system the root login behaves as I would expect i.e locks after 3 failed attempts yet on the other it does not. I am trying to determine what is causing this, has anybody got an idea? They are both 11i systems!

Re: security trusted systems

Stefan Farrelly — Mon, 23 Feb 2004 11:07:34 GMT

use the getprpw command to compare root on both to see all its security policy settings (and modprpw to set them) - or else use sam and view the security policies that way. They must be different.

Re: security trusted systems

Sridhar Bhaskarla — Mon, 23 Feb 2004 11:08:24 GMT

Hi,

"root" on the other system may not be following the default system settings. To find it out run

getprpw -m umaxlntr root

On both the systems and see the difference.

-Sri

Re: security trusted systems

RAC_1 — Mon, 23 Feb 2004 11:09:59 GMT

Compare the outout of following command on both machines.

/usr/lbin/getprpw -m umaxlntr root

Re: security trusted systems

Dave Hutton — Mon, 23 Feb 2004 11:10:15 GMT

You can also look at:
/root # cat /tcb/files/auth/system/default
default:\
:d_name=default:\
:d_boot_authenticate@:\
:u_pwd=*:\
:u_owner=root:u_auditflag#-1:\
:u_minchg#1728000:u_maxlen#10:u_exp#31536000:u_life#32400000:\
:u_llogin#7776000:u_pw_expire_warning#1728000:u_pswduser=root:u_pickpw:\
:u_genpwd@:u_restrict:u_nullpw@:u_genchars@:\
:u_genletters@:u_suclog#0:u_unsuclog#0:u_maxtries#5:\
:u_lock:\
:t_logdelay#2:t_maxtries#10:t_login_timeout#0:\
:chkent:

Whats your u_maxtries# number?

My guess is the same, you can set global policys or user policys. My guess is the global one isn't quite right.

Dave

Re: security trusted systems

Steven E. Protter — Mon, 23 Feb 2004 11:10:52 GMT

You have someone ELSE trying to log in as root.

Only getting two tries with root was the first sign someone was trying to hack my educational HP-9000 server.

Attaching a script to keep an eye on this.

SEP

Re: security trusted systems

Adam Noble — Mon, 23 Feb 2004 11:13:06 GMT

OK I get a return of 0 on the server that appears to be allowing unlimited retries does this make sense....and how do you guys respond very scarey but much appreciated.

Re: security trusted systems

Darren Prior — Mon, 23 Feb 2004 11:13:44 GMT

Hi,

I'd suggest that you check using getprpw whether they really do both have maxtries set to 3. Are you logging in to both systems in the same way - ie at the console or at a terminal or at the same type of session?

regards,

Darren.

PS: don't forget to assign points to those that have helped you. It helps determine which answers are useful, and is a tiny reward for those that have given up their time to help you.