Security

Re: Converting untrusted system to trusted

 
SOLVED
Go to solution
Jonathan Caplette_1
Super Advisor

Converting untrusted system to trusted

Hi guys,

I've got and HP-UX 11.00 system, it's Un-Trusted, and I would like to convert it into a Trusted system... I know that I use sam to do it, but I would like to know if I need a specific patch to do it?? And if I do it will it impact my system access for the user, I mean lock the account or anything like that??

Thanks
8 REPLIES 8
DCE
Honored Contributor
Solution

Re: Converting untrusted system to trusted


Jonathan,

If you have system patched to the latest patch bundle you should be good to go.

A couple of potential issues: The conversion only carries over the first eight charactors of the password - so some users may have login issues.

Also, keep a root window open when you do the conversion. Test roots login after the conversion, and if it needs to have it's password reset, you have a root window open to reset the password.

to unlock a users account after conversion

/usr/lbin/modprpw -k userID

to view a users account after conversion

/usr/lbin/getprpw userID

Geoff Wild
Honored Contributor

Re: Converting untrusted system to trusted

Have a read through:

http://docs.hp.com/en/B2355-90950/B2355-90950.pdf

Trusted System Security starts at page 789.

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Steven E. Protter
Exalted Contributor

Re: Converting untrusted system to trusted

Shalom,

If the conversion happens, you are patched enough to do it.

I do recommend haveing the latest well tested patch on any 11.00 system. That's a quarterly update from some time in 2004 if I'm not mistaken.

Some users with expired passwords or who have not used their accounts for some time will become locked. There is a standard set of rules that this process uses to make your system more trustable.

I'm a big believer in trusted systems and try to do it whenever possible. There are NIS impacts to think about though.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
baiju_3
Esteemed Contributor

Re: Converting untrusted system to trusted

Hi,

It won't lock any users .

You can do it on command line by

#/usr/lbin/tsconvert

Regards ..bl.
Good things Just Got better (Plz,not stolen from advertisement -:) )
Hoang Chi Cong_1
Honored Contributor

Re: Converting untrusted system to trusted

Hi guy
See on the attachment and you will find what you want!

PS: You should assign point to everyone who takes time to help you.

"I have assigned points to 280 of 404 responses to my questions."

Thanks and best regard,
Hoang Chi Cong
Looking for a special chance.......
Muthukumar_5
Honored Contributor

Re: Converting untrusted system to trusted

Refer this:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=638058

Use Bharat's document.

--
Muthu
Easy to suggest when don't know about the problem!
F Verschuren
Esteemed Contributor

Re: Converting untrusted system to trusted

/usr/lbin/modprpw -k userID
will actvate the user acount when there are 3 unsucesfull logins,
/usr/lbin/modprpw -v userID
will set you passwd age to 0, this is usefull if there are already passwd ages on your untrusted system this is visable if you have dots in your encripted passwd like so:

username:jkhfdskjfh.??.??:200:200


Kind regarts.
Jonathan Caplette_1
Super Advisor

Re: Converting untrusted system to trusted

I was patched enought and the conversion went very well!!

Thanks
Jonathan