Re: Attack on root password
03-12-2003 06:27 AM
I would like to enquire: what if there is an attack on the root password, by making several unsuccessful logins to root just to disable it?
And also another point I note: the number of retries on the password could prompt a hacker to keep a list of known passwords that don't work. Over time he may be able to make an intelligent guess at the root password that works.
How does HP Trusted System address such an attack?
Our process to recover/restore the root passwd after the account is disabled is very complex.
I heard about a "Password Evading" mechanism in the VMS system where the a/c is not locked but an evading mechanism is activated after n tries. During this evading period, even with the correct password it still can't log in. It has to wait either for the evading period to expire or for the sysAdmin to deactivate the mechanism.
Does HP Trusted System have similar capabilities?
03-12-2003 06:35 AM
Solution
The basic principle that HP-UX uses, you already know. After XX number of incorrect login attempts, the account will be disabled.
If the root account gets disabled, it is not difficult to reactivate it. Even if the account is disabled you can ALWAYS log in to the console and then do a modprpw to reactivate root.
03-12-2003 06:39 AM
Re: Attack on root password
If your root account is disabled you can always login as root on the console and re-enable the account.
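If a password is mixed alphanumeric and reasonably long it is hard to crack, and the advice is to change it regularly.
Another simple one is to add a check to /etc/profile, something like:
# Refuse root logins on any terminal other than the system console.
# The command substitutions are quoted so the test still parses when one is empty.
if [ "`who am i | awk '{ print $1 }'`" = "root" -a "`tty`" != "/dev/console" ]
then
    echo "Error: root logins are only allowed on the console."
    exit 1
fi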
Then any root login not on the console will log back out.
steve Steel
03-12-2003 06:56 AM
Re: Attack on root password
passwords have to be at least 7 chars and one char has to be alpha, one numeric, and one special char
they are aged at 30 days, which we have griped about, make it 32 so it at least is on a monthly cycle
if root gets disabled, the security user can reenable it
03-12-2003 08:04 AM
Re: Attack on root password
There are certainly some interesting points in your posting.
With regard to the concept of a hacker keeping a password list and attempting to retry: on a trusted system you should keep the number of retries on this account low. You should also choose your passwords wisely (perhaps using some of the restriction methods, i.e. number of alpha chars, number of numerics, etc.) and change them regularly. This should reduce the chance of an attack where someone is recording passwords and retrying.
If you increase the number of retries, it is less likely that someone will get the account disabled through excessive retries, but they're more likely to be able to find the password - this is where the complexity of the password will help.
It is a matter of balancing the requirements of password ageing and retries with the likelihood of someone attempting to hack the system.
regards,
Darren
03-12-2003 08:18 AM
Re: Attack on root password
I personally would think about a firewall, even the HP firewall, to protect your system.
You should be able to figure out what the source IP address of the hacker is and set up /var/adm/inetd.sec to block that IP address from any access to your machine.
Further, I recommend the steps below:
security_patch_check: Checks your system and makes sure it's up to date with security patches from HP
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
Required Perl install
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL
Bastille: Security Hardening Tool
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA
TCP Wrappers
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP
Secure Shell: a replacement for rcp, ftp and telnet that encrypts passwords
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA
IDS/9000 Intrusion Detection System which can track security breaches and attempted security breaches.
Attached is Chris Vale's paper on how to set up passwordless services by exchanging public keys.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
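One way to carry out the /var/adm/inetd.sec suggestion in the post above, as an added example that is not part of the original thread: it counts failed root logins per source address and builds a single deny entry for one service. The record layout (user, tty, source host in the first three columns), the sample records, the function names, the threshold and the choice of the telnet service are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn failed-login records into one inetd.sec deny entry.
# Assumed record layout: user  tty  source-host  date...

# Constructed sample records (documentation-range addresses, not real data).
sample_records() {
cat <<'EOF'
root   pts/ta  192.0.2.15    Wed Mar 12 06:01
root   pts/tb  192.0.2.15    Wed Mar 12 06:01
root   pts/tc  192.0.2.15    Wed Mar 12 06:02
oracle pts/td  192.0.2.15    Wed Mar 12 06:03
root   pts/te  198.51.100.7  Wed Mar 12 06:10
root   pts/tf  203.0.113.9   Wed Mar 12 06:11
root   pts/tg  203.0.113.9   Wed Mar 12 06:11
root   pts/th  203.0.113.9   Wed Mar 12 06:12
root   console               Wed Mar 12 06:20
EOF
}

# build_deny_entry SERVICE THRESHOLD < records
# Prints "SERVICE deny ip ip ..." listing every source address with at least
# THRESHOLD failed root logins; prints nothing when no source qualifies.
build_deny_entry() {
    awk -v min="$2" '
        # Count only root failures whose third column is a dotted-quad address;
        # console records carry no source host and are skipped by the pattern.
        $1 == "root" && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { fails[$3]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print ip
        }' | LC_ALL=C sort | awk -v svc="$1" '
        # Join the sorted addresses into one entry for the service.
        { list = list " " $0 }
        END { if (list != "") print svc " deny" list }'
}

# Example run on the constructed records: sources with 3 or more root failures.
sample_records | build_deny_entry telnet 3
```

Review the generated line before merging it into /var/adm/inetd.sec, and keep console access available in case an address you rely on ends up in the list.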
03-12-2003 09:19 AM
Re: Attack on root password
Like the others mention, you can set the number of tries before disabling the root account. However, be careful with this.
Our root password had an @ in it. Our facilities people insisted that we use a Dell LCD rack-mountable keyboard/screen as the main console to the service processors for our 2 V-class machines. The V-class doesn't have a console: they have these processors (a B180L workstation) connected with thin-net, of all things. The Dell keyboard doesn't send the @ symbol for some reason. So we locked out the root account last weekend when we were scheduling maintenance on the system. Without a console, the only thing we could do was to reboot to single user mode. Fortunately, we had taken Oracle down by going in with secure shell, and also detached the system logically from the SAN. So the only complaint was from HPUX itself. But we changed the password instantly.
Following the hardening document will make your system a lot more secure. If you want total security, lock your CPU in a bank vault and unplug it. Anything short of that, and you'll have to have some compromises in your security plan. However, the compromises mentioned here are not too bad.
Chris