topic Re: lanconsole lockout in Operating System - HP-UX

lanconsole lockout

MCP-DOC — Thu, 21 Jun 2001 13:46:39 GMT

Hi,

I have a problem with the lanconsole on a L2000.
Someone tried to hack the normal root account so that's locked out. OK, connect to the lanconsole and that's it, you would say. PROBLEM, the lanconsole password is incorrect. Now I see no way of getting to the root account anymore.

Thanks,

Emiel van Grinsven

Re: lanconsole lockout

Vincenzo Restuccia — Thu, 21 Jun 2001 13:51:52 GMT

ctrl+b
gsp>so

Re: lanconsole lockout

Christopher McCray_1 — Thu, 21 Jun 2001 13:54:17 GMT

do you have a regular console terminal that you can connect directly to the server to try that way?

Re: lanconsole lockout

MCP-DOC — Thu, 21 Jun 2001 13:56:19 GMT

i have a normal console directly connected but it is setup to block logging in directly to root.

ctrl b --> I have to login first, I only get a loginname (serviceporcessorlogin) and password prompt.

Re: lanconsole lockout

Jim Turner — Thu, 21 Jun 2001 14:05:43 GMT

1. Boot single-user and reset root's password there. "Ctrl-B" at /dev/console and then "rs". Interrupt boot, "boot pri", interact with ISL, and then "hpux -is".

2. Find the dolt who disallowed root logins at /dev/console and conduct a little "high-voltage testing" on their naughty bits. Even if root is disabled, login via /dev/console would still be allowed.

3. Edit /etc/securetty and add one line containing the word "console" (no quotes) so this doesn't happen again.

4. BTW, if said dolt from step two config'ed your machine to require a password for single-user, you're really pooched.