
converting system in to trusted one

madhudeepan
Frequent Advisor


How do I convert the system into a trusted one? What is the procedure?
2 REPLIES
Aneesh Mohan
Honored Contributor

Re: converting system in to trusted one

Hi,

The recommended way is to use SAM/SMH to convert the system into trusted mode.

This is my script, which I prepared for one of my clients to do the same task.

# Trusted Mode
echo
echo "Converting the system in to trusted mode ..."


/usr/sbin/lvcreate -L 5000M -n secure /dev/vg00
wait
/usr/sbin/newfs -F vxfs /dev/vg00/rsecure
wait
mkdir /.secure
wait
cp /etc/fstab /etc/fstab_`date +%Y%m%d%H%M%S`
echo "/dev/vg00/secure /.secure vxfs delaylog,largefiles 0 2" >> /etc/fstab
/usr/sbin/mountall
mkdir /.secure/etc
chmod -R 600 /.secure
cp /etc/passwd /etc/passwd_`date +%Y%m%d%H%M%S`
/etc/tsconvert -c
wait
/usr/lbin/modprpw -V
wait
/etc/tsconvert -p
wait
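# Stop here if the audit directory is missing, so the audit files are not created elsewhere
cd /.secure/etc || exit 1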
/usr/sbin/audsys -n -c audfile1 -s 1048576 -x audfile2 -z 1048576
wait
/usr/sbin/audsys -n
wait
/usr/sbin/audusr -A
wait
STAMP=`date +%Y%m%d%H%M%S`
cp /etc/rc.config.d/auditing /etc/rc.config.d/auditing_$STAMP
# Rewrite from the backup copy instead of going through a predictable file name in /tmp
sed 's/AUDITING=0/AUDITING=1/g' < /etc/rc.config.d/auditing_$STAMP > /etc/rc.config.d/auditing
/usr/sbin/audsys

echo "Verify that no UID 0 Account exists Other than root"

# Print the heading once, then one UID 0 account name per line
awk -F: '($3 == 0) { if (!n++) print "UID 0 accounts are below. Please block any that are not necessary:"; print $1 }' /etc/passwd


echo "Setting Password expiry (must expire after 42 days and warn 7 days) for root account"

passwd -x 42 -w 7 root


echo "===================================================================="
echo " The system has been converted to Trusted Mode "
echo "===================================================================="




Aneesh
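
A post-conversion check for the settings the script in the reply above changes, added here as an example and not part of the original post: it lists UID 0 accounts other than root, flags /etc/passwd entries that still carry a password hash, and confirms the effective AUDITING value is 1. The function names, the sample files, and the assumption that a converted /etc/passwd holds "*" in every password field belong to this example.

```shell
#!/bin/sh
# Added example. Paths are parameters so the checks can be run against
# sample files; the defaults are the files the script above edits.

# Print every UID 0 account other than root, one per line.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Print accounts whose password field is not "*".
# Assumption: after conversion every /etc/passwd entry carries "*".
unconverted_accounts() {
    awk -F: '$2 != "*" { print $1 }' "${1:-/etc/passwd}"
}

# Succeed only if the last uncommented AUDITING assignment is 1.
auditing_enabled() {
    val=$(sed -n 's/^[[:space:]]*AUDITING=\([0-9]*\).*/\1/p' \
        "${1:-/etc/rc.config.d/auditing}" | tail -1)
    [ "$val" = "1" ]
}

# Run all checks, print findings, return the number of failed checks.
audit_trusted() {
    fails=0
    u0=$(extra_uid0 "$1")
    [ -z "$u0" ] || { echo "extra UID 0 account(s): $u0"; fails=$((fails + 1)); }
    uc=$(unconverted_accounts "$1")
    [ -z "$uc" ] || { echo "hash still in passwd: $uc"; fails=$((fails + 1)); }
    auditing_enabled "$2" || { echo "AUDITING is not 1 in $2"; fails=$((fails + 1)); }
    return $fails
}

# Constructed sample files (not from a real host): a stray UID 0 account,
# one unconverted hash, and a commented-out AUDITING=1 above the live line.
write_sample() {
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'toor:*:0:3::/:/sbin/sh' \
        'app:Xy12abCDefGhi:101:20::/home/app:/usr/bin/sh' > "$1/passwd"
    printf '%s\n' '#AUDITING=1' 'AUDITING=0' > "$1/auditing"
}

# Demo on the constructed sample (uses mktemp -d, so run it off-box).
umask 077
d=$(mktemp -d)
write_sample "$d"
audit_trusted "$d/passwd" "$d/auditing" || echo "$? check(s) failed"
rm -rf "$d"
```

On the converted host, call `audit_trusted /etc/passwd /etc/rc.config.d/auditing` as root; a return value of 0 means all three checks passed.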
Aneesh Mohan
Honored Contributor

Re: converting system in to trusted one