topic Re: security in Operating System - HP-UX

security

Jason Tan — Mon, 30 Dec 2002 07:37:25 GMT

I have some question here:

If i don't want convert to trusted system,

1) How can i perform password cracking (to test password strength)on the fly when user change their password?

2) How to seach for a userid is not use for 3 month to disable and 6 month to delete the account.

Re: security

Khalid A. Al-Tayaran — Mon, 30 Dec 2002 08:47:28 GMT

Hi,

1) How can i perform password cracking (to test password strength)on the fly when user change their password?

ans. I think there are crack utilities for /etc/passwd. Search for more info.

2) How to search for a userid is not use for 3 month to disable and 6 month to delete the account.

ans. Use the non_active_accounts script found in the scripts thread of thid forum. Attached for fast access....

Good luck......

Re: security

Michael Tully — Mon, 30 Dec 2002 08:53:39 GMT

You will be a little limited if you choose using un-trusted.

Searching for user-id's that haven't been used for X months, you'll have to write a script that scans your password file and give you a report based on your 'wtmp' file. This will involve using the 'last' command. Same goes for the the deletion.

As far as password cracking, there are some commercial ones, but you can get 'crack' from here:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/crack-5.0/

Re: security

Rajeev Shukla — Mon, 30 Dec 2002 08:59:39 GMT

Hi,
See password cracking are programs which you one makes on continous basis, and many people write in different way. As far as its security is concerened, since the passowrds are no more encrypted in /etc/passwd file instead in /tcb/files/auth so its more harder for crackers to trace a singe file as /etc/passwd file is.

Use /usr/lbin/getprpw on a userid, this will give you all details and even the last successful login, which means when he last logged in. To disable after 3 months and expire the login can be done in password policy under users in sam.
Go to sam->users->options

Rajeev

Re: security

Jose Mosquera — Mon, 30 Dec 2002 10:09:00 GMT

Hi,

1) On non-trusted system is hard task to do, pls try downloading http://hpux.connect.org.uk/hppd/hpux/Sysadmin/crack-5.0/

2) If you keep your /var/adm/wtmp with info you can use "last" command to check the last successfully login by user. So, you need make a cron script that read /etc/passwd and verify for each user the unloged time, for this try with this "last" command implementation:
last |tail -3|head -1
the following output will be generated:
pts/tkc Mon Aug 26 09:05 - 13:41(2+04:35)

If you select "Month" and "Day" fields the time calculation will be possible.

To disable acounts try changing current valid Shell definition by "/usr/bin/false". This file must be with 555 permission. If not exist just create it with the "exit" content.
Pls **be careful** with the /etc/passwd file treatment. To remove accounts, I recomend you a similar procedure to calculate the last login date, but try to act through an email that report you these users ant then you will take a decision about.

Rgds.