topic Re: Secure Login in Operating System - HP-UX

Secure Login

avm — Thu, 08 Mar 2001 16:49:38 GMT

Is there any way to hide a user having id 0 or
give a normal user root equivalent rights ?
thanks in advance

Re: Secure Login

Brian Markus — Thu, 08 Mar 2001 17:51:55 GMT

I use a program named SUDO . You can allow users to do certain things as root, with out actually haveing root. Also, for operators that need to do certain things on your box you might want to look into "Restricted Sam" You type sam -r and you can assign users privaliages to do certain things in sam. For example you want them to launch Samba as user root, or as user smb, you can make an icon in sam to launch that, in the properetys for that icon you can set who it is launched by.
I would look into SUDO first.

Good luck
Brian

Re: Secure Login

Jerry L. Anderson — Tue, 13 Mar 2001 19:36:39 GMT

avm,

After some more thought I wonder if you are asking how to tell if your system has been compromised.

There are many ways for a user to hide their capabilities and actions once they have compromised root. Probably the most powerful would be a rootkit. The simplest would be a setuid root copy of a shell tucked away in some obscure directory and rarley used.

Although I personally am not aware of a rootkit for HP-UX it would certainly be possible to compile the various components on an HP platform.

If you specify your concerns a little more explicitly it may be possible to get some more applicable answers.

Re: Secure Login

Philip Chan_1 — Thu, 05 Apr 2001 01:49:24 GMT

I second for Brian's recommendation on SUDO,

http://www.courtesan.com/sudo/

another alternative is to grant sam admin menu items to normal users through restricted sam (sam -r).

Rgds,
Philip