- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Rename root
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:27 PM
тАО12-08-2005 10:27 PM
My manager has aked me if it is possible to rename the root user to something else, so that a hacker would have to guess both the name and it's password.
How would I do this?
Is this actually a bad idea? Are there components of HP-UX 11.00 that depend on the name "root"?
Thanks a lot,
Arthur Luimes
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:31 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:39 PM
тАО12-08-2005 10:39 PM
Re: Rename root
Block direct root access to the system. Give permission to a group of users(System admin) to do an su - from their login access root. You can even implement sudoers .
Install SSL, SSH, PAM kerberos, IDS as suggested by arun.
There is no way you can rename the ultimate super user 'root'
Regards,
Sunil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:54 PM
тАО12-08-2005 10:54 PM
Re: Rename root
Dear Arthur,
You cannot rename root user in any HPUX, lot may dependencys are present in the system.
With Regards,
Siva.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:56 PM
тАО12-08-2005 10:56 PM
Re: Rename root
Block direct root access to the system. Give permission to a group of users(System admin) to do an su - from their login access root. as suggested above.
Set the login try on 3 times so after 3 badlogins you have to enable root paaswd trough the console.
One otherway is to make a user with uid 0.
and after that diable the root account with /usr/lbin/modprpw -k root.
This is not what i should do but it is an option.
grtz. Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:56 PM
тАО12-08-2005 10:56 PM
Re: Rename root
Thanks a lot,
Arthur
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 11:03 PM
тАО12-08-2005 11:03 PM
Re: Rename root
-Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 11:44 PM
тАО12-08-2005 11:44 PM
Re: Rename root
The very first step in protecting your system is to REPLACE the text in /etc/issue with a non-descriptive message. The typical text is the output of uname -a and that is TOO MUCH information!! It contains the hardware model and the version of HP-UX, far too much information to be shown *before* you login. Instead, just put the name (or nickname if the network name implies HP-UX) of the computer and nothing else.
Then you immdediately convert to a Trusted system. At that point, the root password cannot be guessed without locking out the root user for non-console logins. Note that the lastb command will reveal when and from which IP address a root attack was launched. And to address your manager's concerns, just create an empty /etc/securetty:
cat /dev/null > /etc/securetty
Now, *NO ONE* can login as root except at the real console. To gain root access remotely (telnet, ssh, etc) use su (which logs each access) or better yet, install and configure sudo.
The above will address your manager's concerns. But for truly important systems, you need to download and run Bastille to harden all the security on each system. And get a copy of the HP-UX Security book by Chris Wong.
Bill Hassell, sysadmin