Operating System - Linux
1748185 Members
4308 Online
108759 Solutions
New Discussion юеВ

Re: Root password is disabling continuously

 
SOLVED
Go to solution
Court Campbell
Honored Contributor

Re: Root password is disabling continuously

What are you using to connect to the box? SSH?

The alock=NO, lockout=0000000 is telling me that the account is not locked. man getprpw to find out what the lockout fields mean.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
csreenivas
Frequent Advisor

Re: Root password is disabling continuously

We used to connect through telnet.

As of now its not locked but it is getting locked within few hours.
Court Campbell
Honored Contributor

Re: Root password is disabling continuously

next time the account is locked, look at the getprpw command and see what the lockout fields are. What do you mean by you didn't anything with lastb -R?

Also, what did you see in /var/adm/sulog? If the fourth filed is a - (minus sign) then that means someone had an su to a user.

ex.

SU 06/07 09:11 - 0 badboy-root

this tells me that badboy was unsuccessful as su'ing to root at 9:11 today.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Court Campbell
Honored Contributor

Re: Root password is disabling continuously

Have you thought about setting up HIDS. It's rather easy to implement. It can be setup to log unsuccessful logins and much more. Pluses are that it is a freebie and it's supported by HP.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
csreenivas
Frequent Advisor

Re: Root password is disabling continuously

Please find the information when the root password is locked

# /usr/lbin/getprpw root
uid=0, bootpw=YES, audid=0, audflg=1, mintm=0, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Tue May 29 14:53:37 2007, upwchg=-1, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Jun 7 05:51:30 2007, ulogint=Thu Jun 7 07:42:49 2007, sloginy=pts/ta, culogin=7, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000
Court Campbell
Honored Contributor

Re: Root password is disabling continuously

Not that you didn't already know this, but that fourth field set to 1 in lockout means that root has exceeded unsuccessful login attempts. Again you need to look at the sulog and lastb, etc. to see who is causing the issue.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
csreenivas
Frequent Advisor

Re: Root password is disabling continuously

please find lastb and sulog. srinu is my userid.



# lastb
sybase pts/ta Fri Jun 1 05:32
sybase pts/ta Fri Jun 1 05:32
sybase pts/ta Fri Jun 1 03:34

/var/adm/sulog
SU 06/05 03:13 - ta srinu-root
SU 06/05 03:13 + ta srinu-rootb
SU 06/05 03:15 + ta srinu-root
SU 06/06 02:59 - ta srinu-root
SU 06/06 02:59 + ta srinu-rootb
SU 06/06 03:00 + ta srinu-root
SU 06/06 05:18 + ta srinu-root
SU 06/07 02:21 - ta srinu-root
SU 06/07 02:22 + ta srinu-rootb
SU 06/07 02:26 + ta srinu-root
SU 06/07 05:50 - ta srinu-root
SU 06/07 05:51 + ta srinu-rootb
SU 06/07 05:51 + ta srinu-root
SU 06/07 07:42 - ta srinu-root
SU 06/07 07:43 + ta srinu-rootb
csreenivas
Frequent Advisor

Re: Root password is disabling continuously

Its getting enabled when I connect from rootb
(same as root) and switch to root
John Payne_2
Honored Contributor

Re: Root password is disabling continuously

Do you have something like HP SIM set up trying to connect via wbem? If you have that set up, and the wbem root pw is wrong, you would see this sort of thing.

John
Spoon!!!!
Court Campbell
Honored Contributor

Re: Root password is disabling continuously

Looks like you helped lock the account

getprpw
ulogint=Thu Jun 7 07:42:49 2007

sulog
SU 06/07 07:42 - ta srinu-root

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"