topic Trusted System in Operating System - HP-UX

Trusted System

Tim Stallman — Wed, 23 Oct 2002 17:24:13 GMT

Hi,
I'm looking for a good article or explanation as to what makes a system "trusted" or "untrusted". If anyone can point me in the right direction that would be great.

Thx,
Tim

Re: Trusted System

Ken Hubnik_2 — Wed, 23 Oct 2002 17:23:54 GMT

Try doing a search on www.docs.hp.com. keyword trusted.

Re: Trusted System

Patrick Wallek — Wed, 23 Oct 2002 17:28:26 GMT

A trusted system is one that essentially does not have the users encrypted passwords in the /etc/passwd file, which is readable by EVERYONE. Instead the encrypted passwords are located in a /tcb directory structure that is readable only by root.

You can convert to a system to or from trusted mode with the 'tsconvert' command.

Re: Trusted System

Helen French — Wed, 23 Oct 2002 17:29:20 GMT

This document will be helpful:
http://www.docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html

Re: Trusted System

Ken Hubnik_2 — Wed, 23 Oct 2002 17:31:47 GMT

Here is a doc

Re: Trusted System

Tim Stallman — Wed, 23 Oct 2002 17:33:11 GMT

okay that makes good sense and that is what I was thinking was going on but how does that relate to NIS? I was trying to configure NIS in a test system and it came back and told me NIS can't be used because it is a trusted system. Is there some reason NIS cannot be used when a system is trusted?

Re: Trusted System

Ben Sachs_1 — Wed, 23 Oct 2002 17:36:08 GMT

You can't use NIS in a trusted environment. Not secure. See this thread: http://bizforums.itrc.hp.com/cm/QuestionAnswer/1,,0x5d2dcbaac6dcd5118ff40090279cd0f9,00.html

-Ben

Re: Trusted System

S.K. Chan — Wed, 23 Oct 2002 17:40:09 GMT

The search should give you good info but in a nutshell, describing the difference between trusted vs untrusted hopefully gives you some overview. Some of them includes ..
a) Trusted system password management is more superior. For example it allows ..
=>You to define a grace and expiration period for password.
=>You to disable accounts with repeted login failures.
=>You to define systemwide password aging.

b) Trusted systems have additional login restrictions features such as ..
=>Account disabling.
=>Account locking.
=>Restricted access by time-of-day.
=>Can define a single-user mode boot password.

c) Trusted system allows system-auditing to be enabled thus the ability to trace every system call.

d) Trusted system has shadowed passwords thus improved security.

Re: Trusted System

Tim Stallman — Wed, 23 Oct 2002 17:48:35 GMT

Thanks everyone that is exactly what I needed to know :-)

Re: Trusted System

Steven E. Protter — Wed, 23 Oct 2002 19:44:17 GMT

Any advanatages to trusted systems few disadvantages. As HP continues to improve that subsystem and the various security subsytems such as IDS/9000, Kerobos(et al) there are few incompatabilities.

The fact that you are considering a trusted system probably means you have security concerns. A good idea, especially after what went on on the Internet Monday and 9/11

Consider these suggestions:
security_patch_check
It connects to HP's security patch database, analyzes your patch setup and recommends needed security patches.

Even better is Bastille, which can be found at software.hp.com

It runs a comprehensive security analysis, can configure security_patch_check for regular cron runs. It goes through the daemons running and gives you a chance to get rid of antiquated, dangerous protocols that almost nobody but hackers use. It can even let you run named as a regular user making denial of service and priviledge attacks on your DNS/Bind system much less likely to succeed.

Hope I helped.

Steve

Re: Trusted System

Bill Hassell — Thu, 24 Oct 2002 01:10:27 GMT

It's important to know that NIS means insecure! NIS broadcasts the password info across the network whereas Trusted systems hide the password. While NIS+ does add encryption, every client must have NIS+ capability.

But the future is not NIS, it is probably LDAP.

Re: Trusted System

Tim Stallman — Thu, 24 Oct 2002 12:06:31 GMT

Thanks everyone. The systems I work on are already trusted systems and I was trying to add NIS to a test system (which is an image from the production system) in preperation for my HP Admin. Cert. Exam. Unfortunately HP still lists NIS as an exam objective thus I need to know how to configure it even though I will never use it here. Maybe LDAP will replace NIS as an exam objective????

Thx,
Tim

Re: Trusted System

doug hosking — Thu, 24 Oct 2002 14:48:57 GMT

Tim, in addition to the security reasons that make NIS inconsistent with trusted systems, there are practical reasons, too. Standard UNIX password files have only a fixed number fo fields to store per-user attributes. Trusted systems configurations have many new attributes, like time stamps, lock fields, extra password lifetime and selection parameters, time of day restrictions, and more. While these are good/useful features, the problem that arises is that in an NIS environment, there is no place to store them, because the server-side system may not be running HP-UX, and other vendors usually don't know about these extra attributes.

Getting back to one of your core questions, if you want to make the system 'not trusted' so you can configure NIS on it, you can run the command '/usr/lbin/tsconvert -r' or use SAM to do the equivalent. This makes significant changes to the system (deletes the whole /tcb directory hierarchy, among other things) so you don't want to do this on a 'real' server without understanding the consequences. If it's truly a 'scratch' system without critical stuff on it, then doing this would make a lot more sense and should enable you to configure NIS. Good luck!