topic Re: Rename root in Operating System - HP-UX

Rename root

Arthur Luimes_2 — Fri, 09 Dec 2005 06:27:00 GMT

Dear Security Guru's,

My manager has aked me if it is possible to rename the root user to something else, so that a hacker would have to guess both the name and it's password.

How would I do this?
Is this actually a bad idea? Are there components of HP-UX 11.00 that depend on the name "root"?

Thanks a lot,

Arthur Luimes

Re: Rename root

Arunvijai_4 — Fri, 09 Dec 2005 06:31:05 GMT

You can't rename root user as far as i know. Its not possible in any unix OS. Try to implement some other techniques like SSL, SSH, PAM kerberos, IDS to secure your server.

-Arun

Re: Rename root

Sยภเl Kย๓คг — Fri, 09 Dec 2005 06:39:07 GMT

Hi,

Block direct root access to the system. Give permission to a group of users(System admin) to do an su - from their login access root. You can even implement sudoers .

Install SSL, SSH, PAM kerberos, IDS as suggested by arun.

There is no way you can rename the ultimate super user 'root'

Regards,
Sunil

Re: Rename root

Sivakumar TS — Fri, 09 Dec 2005 06:54:21 GMT

Dear Arthur,

You cannot rename root user in any HPUX, lot may dependencys are present in the system.

With Regards,

Siva.

Re: Rename root

Mark Nieuwboer — Fri, 09 Dec 2005 06:56:15 GMT

Hi Arthur,

Block direct root access to the system. Give permission to a group of users(System admin) to do an su - from their login access root. as suggested above.
Set the login try on 3 times so after 3 badlogins you have to enable root paaswd trough the console.

One otherway is to make a user with uid 0.
and after that diable the root account with /usr/lbin/modprpw -k root.
This is not what i should do but it is an option.

grtz. Mark

Re: Rename root

Arthur Luimes_2 — Fri, 09 Dec 2005 06:56:38 GMT

Great Replies. Just what I needed.

Thanks a lot,

Arthur

Re: Rename root

Arunvijai_4 — Fri, 09 Dec 2005 07:03:38 GMT

Search ITRC for locking root account and more security related information. It is a great place to look into.

-Arun

Re: Rename root

Bill Hassell — Fri, 09 Dec 2005 07:44:20 GMT

You can indeed rename root as long as the system is not Trusted. Just edit the /etc/passwd file. But as others have mentioned, portions of HP-UX and other applications may depend on "root" and of course, 100% of sysadmin documentation will use the name root when referring to the superuser.

The very first step in protecting your system is to REPLACE the text in /etc/issue with a non-descriptive message. The typical text is the output of uname -a and that is TOO MUCH information!! It contains the hardware model and the version of HP-UX, far too much information to be shown *before* you login. Instead, just put the name (or nickname if the network name implies HP-UX) of the computer and nothing else.

Then you immdediately convert to a Trusted system. At that point, the root password cannot be guessed without locking out the root user for non-console logins. Note that the lastb command will reveal when and from which IP address a root attack was launched. And to address your manager's concerns, just create an empty /etc/securetty:

cat /dev/null > /etc/securetty

Now, *NO ONE* can login as root except at the real console. To gain root access remotely (telnet, ssh, etc) use su (which logs each access) or better yet, install and configure sudo.

The above will address your manager's concerns. But for truly important systems, you need to download and run Bastille to harden all the security on each system. And get a copy of the HP-UX Security book by Chris Wong.