topic Re: Security on HPUX 11.0 in Operating System - HP-UX

Security on HPUX 11.0

Gavin Rowland — Wed, 29 Aug 2001 09:21:19 GMT

Is anyone aware of any software/patch that would place a secure group in /etc/group?. This is causing problems with the application
that is running on a L2000 server running HPUX 11.0.

Re: Security on HPUX 11.0

eran maor — Wed, 29 Aug 2001 09:30:02 GMT

Hi Gavin

from what i understand you are looking of a software for a secure group or secure group file , s ofor this the option is a trusted system that can give the the option for a secure passwd and group file .

to convert your system to a trusted syste mgot to sam over there go to even and auditing and then choose one of the option to convert the system to a trusted system .

i would also advise if you are moving to a trusted system to read the pdf of this system

you can found it on www.docs.hp.com

there is a lot of patches for securety and but not for a secure group .

mybe someone else hread about it

Re: Security on HPUX 11.0

Gavin Rowland — Wed, 29 Aug 2001 09:33:21 GMT

Eran,

Sorry I probably wasn't to clear in my initial post.
Something has placed a group named "secure" in the /etc/group file of the system in question.
I am trying to track down what software would do that as the Client is not aware of how this happened but is suffering the consequences of it.

Cheers
Gavin

Re: Security on HPUX 11.0

eran maor — Wed, 29 Aug 2001 09:48:21 GMT

Hi

now i m more clear .

i m an expert in patches and i can tell you for sure that there isnt any patch that put this group in the /etc/group .

i also install most of the hp software that exist and i search in our systems and didnt found and i cant remember of a hp software that is doing it .

so i thing that this is or a 3party software or some on did somthing it the past .

i would recomend to ask in your com. if someone know about this issue( probely you did it ) and then delete this entry from your system and see if something is worng .

i also check in our database about this issue and didnt found any info .

hope that you find the answer

Re: Security on HPUX 11.0

Paula J Frazer-Campbell — Wed, 29 Aug 2001 09:48:32 GMT

Hi Gavin

Check GID with the passwd file - is there an entry for a user there?

Paula

Re: Security on HPUX 11.0

Paula J Frazer-Campbell — Wed, 29 Aug 2001 09:54:29 GMT

Gavin

Further things to check :-

time/date stamp on group and passwd file - it may help.

From backups try and identify when "secure" group appeared.

from change control tie in the changed date with apps / patches applied.

chech .sh_history and search for "secure" and "group"

HTH

Paula

Re: Security on HPUX 11.0

Wodisch — Wed, 29 Aug 2001 16:02:13 GMT

Hello Gavin,

have searched your filesystems for any file
or directory owned by that group? Like:
find / -group secure -exec ls -abdl {} ";"

That list should give you an idea who/what is
using that group...

HTH,
Wodisch

Re: Security on HPUX 11.0

Account Not Used — Wed, 29 Aug 2001 21:18:16 GMT

Earon is correct not patch would put "secure" in the /etc/group file. I would not only suggest turning on auditing via the Trusted mode I would also install sudo. Sounds like you don't have enough audit trai enabled to find out how this might of happened.

PS: Don't forget to give points.