https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063886#M437334 Not possible in an untrusted environment.<BR /><BR />In a trusted environment, this is controlled by security policies, which can be seen via the getprpw command ('man getprpw' for more info). This is NOT configurable in the /etc/default/security file. <BR /><BR />You should do a 'man security' for information on the security file.<BR /> Mon, 20 Aug 2007 08:45:04 GMT Patrick Wallek 2007-08-20T08:45:04Z https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063885#M437333 hi.<BR /><BR />i wonder how i can lock a useraccount after a certain amount of failed logins in a UNTRUSTED system.. like /usr/lbin/modprpw -m umaxlntr=6 "$logname" is in trusted.<BR /><BR />i also wonder what the string in /etc/default/security should be to make it global in a TRUSTED system..<BR /><BR />anyone?<BR /><BR />regards <BR />pål Mon, 20 Aug 2007 08:23:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063885#M437333 Paul Torp 2007-08-20T08:23:19Z https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063886#M437334 Not possible in an untrusted environment.<BR /><BR />In a trusted environment, this is controlled by security policies, which can be seen via the getprpw command ('man getprpw' for more info). This is NOT configurable in the /etc/default/security file. <BR /><BR />You should do a 'man security' for information on the security file.<BR /> Mon, 20 Aug 2007 08:45:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063886#M437334 Patrick Wallek 2007-08-20T08:45:04Z https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063887#M437335 Shalom,<BR /><BR />On a non-trusted system you would need to look at this output.<BR />lastb -R<BR /><BR />You can run a cron script that checks this output user by user. At this point when you find three bad logins you can issue a passwd -l username command.<BR /><BR />There is a script posted in the sysadmin scripts thread that does exactly this.<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=51050" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=51050</A><BR /><BR />SEP<BR /> Mon, 20 Aug 2007 08:58:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063887#M437335 Steven E. Protter 2007-08-20T08:58:39Z https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063888#M437336 hi..<BR /><BR />i have tried looking for that script in section 2 and 3.. (of favorite scripts) but cant really find it..<BR /><BR />i am running out of time and got deadline tomorrow to come up with something to solve the issue..<BR /><BR />pal Tue, 21 Aug 2007 03:28:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063888#M437336 Paul Torp 2007-08-21T03:28:14Z https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063889#M437337 the sad sad thing is that i have no hpux boxes to test on atm.. (not even a production).. makes things a bit harder... Tue, 21 Aug 2007 03:35:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063889#M437337 Paul Torp 2007-08-21T03:35:14Z https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063890#M437338 found it SEP..<BR /><BR />tnx Tue, 21 Aug 2007 04:20:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-issues-configuration/m-p/5063890#M437338 Paul Torp 2007-08-21T04:20:20Z