topic Re: Converting into the trusted system in Operating System - HP-UX

Converting into the trusted system

Sy-Hoang Truong — Thu, 18 Jan 2001 10:49:45 GMT

I have 2HP9000 systems K260/D280 are running on HP-UX 10.20 consist of :
- 1 cluster (MC Service Guard),
- Disk format VXFS and HFS only on /stand
- 50 PCc are running under Windows NT4.0 connect to HP9000 by telnet and Winsock
- 1 External modem connect to /dev/ttyd0p7 (serial port)
- 1 External tape device for DDS/DAT
I have to convert my systems into the trusted mode. So, my questions are :
1) Where can I find out the patches and which one ?
2) What are the troubles may be occurred after converting the trusted mode ?

Thanks

Re: Converting into the trusted system

Victor BERRIDGE — Thu, 18 Jan 2001 18:30:02 GMT

2) What are the troubles may be occurred after converting the trusted mode ?
>
Because of passwd policies, be aware that you will have users that will be asking you to reactivate accounts, reset passwds etc...
that you may have root account deactivated by people trying to connect...

So for root, the best is to create a /etc/securetty file containing the word console in it, and from then on you will have to use su except on console...

For the rest there is nothing special...

Good luck
Victor

Re: Converting into the trusted system

Peter Cvar — Fri, 19 Jan 2001 08:37:04 GMT

Trusting a system will truncate the passwords to 8 characters if they are longer. This is due to the use of the system call crypt() which can only handle 8 characters. Always ensure systems have the latest trusted and auditing patches installed BEFORE the system is trusted (you can get them on HP IT resource center pages).

On an untrusted system, only the first eight characters of a password are significant and used for authentication. On a trusted system, passwords can be longer than eight characters and all characters are used for authentication.

Regards, Peter

Re: Converting into the trusted system

Dan Hetzel — Fri, 19 Jan 2001 08:52:24 GMT

Hi,

Apart from the password aging and format policies, users shouldn't notice any difference between trusted and untrusted mode.

You can find all patches on this web site, by clicking on 'maintenance and support' on the left frame.

As Victor suggested you, create the /etc/securetty file with one single line:
console
to restrict root logins to the system console (people will have to 'su' to become root)

Best regards,

Dan

Re: Converting into the trusted system

Hamdy Al-Sebaey — Fri, 19 Jan 2001 15:29:17 GMT

Hi
I agree with our collegae.
You 'll need to create a file onder /etc called securetty in which you can set the following;

# echo console >> /etc/securetty

# chmod 600 /etc/securetty

Maybe it will help.