
Re: trusted system

 
rajesh73
Super Advisor

trusted system

Hi,

I have an rp3440 server and I installed HP-UX 11.11.
How do I trust the system?

Can anyone help me? Very urgent.
Hakki Aydin Ucar
Honored Contributor
Solution

Re: trusted system

Hi,
The preferred method of converting a system to Trusted Systems is by using SAM. The resulting files and directories that manage the Trusted Computing Base (TCB) are sensitive to inappropriate editing (don't mess it up) leading to a system which may lock out every user, including root. Such a situation would probably need the use of the Recovery Media, the Recovery Shell, and some clever backing out of the TCB configuration.

To enable Trusted Systems from within SAM, you would navigate from the Main Menu - Auditing and Security and then to any of the four sub-menus titled "Audited Events," "Audited System Calls," "Audited Users," or "System Security Policies."

http://docs.hp.com/en/B2355-90950/ch08s08.html
Raj D.
Honored Contributor

Re: trusted system

Rajesh,
Using the command prompt to convert to trusted mode:
# cd /usr/lbin
# ./tsconvert

To verify the trusted system:
# cd /usr/lbin ; ./getprpw username

More info: HP-UX Trusted System reference: http://docs.hp.com/en/B2355-90121/ch01s02.html


Hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Sajith P V
Advisor

Re: trusted system

Use /etc/tsconvert -c to convert to trusted mode.
Users with passwords of more than eight characters will not be able to log in after conversion unless they enter up to eight characters only.


Sajith P V
Advisor

Re: trusted system

Sorry...
Run /usr/lbin/tsconvert -c instead of /etc/tsconvert -c
Bill Hassell
Honored Contributor

Re: trusted system

> run /usr/lbin/tsconvert -c

The reason that SAM is preferred is that this command will indeed convert to Trusted but expires *ALL* passwords. If you use this method, you must follow the conversion with:

/usr/lbin/modprpw -V

NOTE: That is a capital V not lowercase v.


Bill Hassell, sysadmin
rajesh73
Super Advisor

Re: trusted system

Hi Bill,

Suppose I convert to trusted mode and my root password is disabled?
What can I do?
Dennis Handly
Acclaimed Contributor

Re: trusted system

>my root password is disabled?

Logon from the console.
Also, have multiple windows to the machine and use one to test while staying on root with another.
Johnson Punniyalingam
Honored Contributor

Re: trusted system

>>If iam suppose convert to trustmode my root password is disabled?
What can I do?<<<

Looks like you are assuming? Am I right?

If yes, you need to boot the server in single-user mode

Interrupt ISL> hpux -is
> bo pri

# /usr/lbin/modprpw -k root (enable root account)

or

# cd /tcb/files/auth/r
# vi root

Erase the pwd "field".
Problems are common to all, but attitude makes the difference
Raj D.
Honored Contributor

Re: trusted system

Rajesh,

>if root password is disabled?
What can I do?

Keep a few root sessions open.
And you can always enable the root password using # /usr/lbin/modprpw -k root

" If u think u can , If u think u cannot , - You are always Right . "