topic Re: trusted system in Operating System - HP-UX

trusted system

shajes puthanveettil — Fri, 13 Sep 2002 22:28:24 GMT

Can any suggest the steps to be followed while changing a system to trusted system.
I want to make my live servers running HP-UX 10.20 &11.x as trusted .

thanks for suggesyions.
spv

Re: trusted system

erics_1 — Fri, 13 Sep 2002 22:33:09 GMT

Shajes,

There is a lot of good information on Trusted Systems out at http://www.docs.hp.com

Just search on trusted system and you'll get many returns that discuss this topic more in depth. The easiest way to convert is via SAM, Auditing and Security, then select one of the options on that next screen.

Hope this helps!
Eric

Re: trusted system

Bill Hassell — Fri, 13 Sep 2002 23:20:35 GMT

The conversion is very simple. Run SAM, select the Auditing section and as you enter that section, it will ask if you'd like to convert. Answer yes and you are done.

There are additional features now available to control security policies if you want to enable them.

Re: trusted system

harry d brown jr — Sat, 14 Sep 2002 00:44:23 GMT

Instead of worrying about making 10.20 systems "trusted" you need to be worrying about getting those machines to 11i or higher!

To make a system trusted use sam.

live free or die
harry

Re: trusted system

Michael Tully — Sat, 14 Sep 2002 05:56:07 GMT

You can also change your system into 'trusted' from the command line just as easily as using 'sam'. Be aware that 'sam' is much easier to use if your going to make changes to the security settings.

# /usr/lbin/tconvert (to change to trusted)

Be aware that changing a system to trusted, expires all passwords immediately, so be ready.

Re: trusted system

Sridhar Bhaskarla — Sat, 14 Sep 2002 21:11:58 GMT

Hi,

You can use either SAM as already mentioned or use the command "/usr/lbin/tsconvert" to convert a system to trusted. You will find a new directory tree structure under /tcb after this task.

The passwords will be expired. This is to make sure users will set the password to the trusted system standards. You can leave it that way or disable password expiry by running the command "/usr/lbin/modprdef -m exptm=0".

Start getting familiar with the commands like getprpw, modprpw, getprdef and modprdef etc under /usr/lbin. There won't be man pages on them. Try searching for these words in the forums. Sometimes you may find it irritating to go into SAM for small tasks like enabling a login (/usr/lbin/modprpw -k login).

-Sri