topic Re: lastb command to wrk....for ordinary users... in Operating System - HP-UX

lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 06:59:07 GMT

hi,
i would like lastb command to wrk for ordinary users....

how do i make it available to all ordinary users...just for a exercise...
i know its a big security threat but still would like to do it...for my development server.....

hpux 11i v2...
root #/var/adm >ls -lrt *tmp*
-rwxr-xr-x 1 root sys 280 Jul 24 18:45 wtmpx
-rwxr-xr-x 1 root other 741780 Sep 15 13:10 btmp
-rwxr-xr-x 1 root other 11230048 Sep 15 13:10 btmps
-rwxr-xr-x 1 adm adm 5256840 Sep 15 13:26 wtmp
-rw-rw-r-- 1 adm adm 138667360 Sep 15 13:26 wtmps

rx46460...

Regards,
Tejas

Re: lastb command to wrk....for ordinary users...

Ivan Krastev — Mon, 15 Sep 2008 07:12:27 GMT

Just install and configure sudo. After that enable lastb via sudo.

regards,
ivan

Re: lastb command to wrk....for ordinary users...

Dennis Handly — Mon, 15 Sep 2008 07:56:11 GMT

Why do you want to enable lastb(1)? If it is a development server don't you all have root? :-)

This isn't just some "just for a exercise".

Re: lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 08:04:28 GMT

hi Dennis,
WE do have sudo installed....
but i wuld like to enable it for all users..without sudo ..
is it possible or not ????

Re: lastb command to wrk....for ordinary users...

Kenan Erdey — Mon, 15 Sep 2008 08:21:38 GMT

hi,

if you change /var/adm/btmp file's permission it's possible. but as this file contain password information it is a security hole.

Re: lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 08:25:00 GMT

Hi Kenan,
so what permissions i should be giving to it...

I know its a hole....but since its a development server...its fine....

Regards,
chindi

Re: lastb command to wrk....for ordinary users...

Kenan Erdey — Mon, 15 Sep 2008 08:37:55 GMT

put users into a group i.e group_name then

chown root:group_name /var/adm/btmp
chmod 660 /var/adm/btmp

Re: lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 08:45:41 GMT

Hi Kenan,

g1 /var/adm > ll *tmp*
-rw-rw---- 1 root sgr 741780 Sep 15 13:10 btmp

g1 /home/g1 > lastb -R|grep sud
g1 /home/g1 > id
uid=223(g1) gid=108(sgr)

root #/var/adm >lastb -R|grep sud|head -2
sud ssh:notty 10.1.4.190 Fri Sep 12 13:35
sud ftp 10.1.4.163 Thu Sep 11 16:26

Re: lastb command to wrk....for ordinary users...

Dennis Handly — Mon, 15 Sep 2008 09:24:34 GMT

You could also change the permissions on the btmps file so everyone can read it. It appears this was the case in your initial listing.

You should immediately remove execute permission from your ?tmp* files.

Re: lastb command to wrk....for ordinary users...

Kenan Erdey — Mon, 15 Sep 2008 09:24:44 GMT

try log out and log in again. tried and worked for me.

Re: lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 09:29:48 GMT

Hi Keenan,Dennis,

when i run lastb from that user i am getting

g1 /home/g1 > lastb
lastb can be invoked only by root. Exiting ....

Re: lastb command to wrk....for ordinary users...

Dennis Handly — Mon, 15 Sep 2008 09:39:23 GMT

>lastb can be invoked only by root.

Then you'll have to make a copy of lastb and turn it into a setuid root executable.

Re: lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 09:49:00 GMT

Hi Dennis,

root #/usr/bin >ll /usr/bin/lastb
-rwsr-xr-x 2 bin bin 46772 Dec 22 2004 /usr/bin/lastb

even after this its not executing....

Re: lastb command to wrk....for ordinary users...

Bill Hassell — Mon, 15 Sep 2008 09:51:45 GMT

I believe the lastb command (actually it is the last command with a link to lastb) checks internally for the root user. And for good reason. To allow ordinary users to view failed login attempts is a terrible security risk. It is very common for users to type their password when the prompt is for user. This mistake is recorded in the btmp file. So by using the timestamp of the failed login, the next successful login is probably the real user -- and now the user and the password are known to everyone.

So it is a very bad idea to circumvent these restrictions. You can give users a special alias called something like retrylist that is hardcoded to their personal login. That way, only bad logins using their correct username will be shown, something like this:

alias retrylist="sudo lastb -R $(id -un)"

You don't want users browsing all the failed logins...

Re: lastb command to wrk....for ordinary users...

Dennis Handly — Mon, 15 Sep 2008 09:53:36 GMT

>even after this its not executing

Of course not. To make a setuid root executable you have to use chmod and chown. There may be a specific ordering.

Re: lastb command to wrk....for ordinary users...

chindi — Mon, 15 Sep 2008 10:14:28 GMT

Hi guys,
Its ok i have decided to leave it,since its a bit tedious one...and also a big security hole as pointed by all of u guys ( Bill,Dennis,Kenan).....

Regards,
Chindi....

Re: lastb command to wrk....for ordinary users...

Dennis Handly — Mon, 15 Sep 2008 21:18:44 GMT

>ME: To make a setuid root executable

While you can do this, it won't work:
$ ll lastb
-r-sr-xr-x 1 root sys 46764 Sep 15 15:12 lastb*
$ ./lastb
lastb can be invoked only by root. Exiting ....

Re: lastb command to wrk....for ordinary users...

Sandeep_Chaudhary — Tue, 16 Sep 2008 03:36:34 GMT

I am totally agree with Evan. Use s"sudo" for thi spurpose. I dont recomment u to change permission of files.