cancel
Showing results for 
Search instead for 
Did you mean: 

trusted system

SOLVED
Go to solution
rajesh73
Super Advisor

trusted system

HI

I have rp3440 server and i installed hp-ux 11.11
how to trust the system

any one help me very urgent
12 REPLIES
Hakki Aydin Ucar
Honored Contributor
Solution

Re: trusted system

Hi,
The preferred method of converting a system to Trusted Systems is by using SAM. The resulting files and directories that manage the Trusted Computing Base (TCB) are sensitive to inappropriate editing (don't mess it up) leading to a system which may lock out every user, including root. Such a situation would probably need the use of the Recovery Media, the Recovery Shell, and some clever backing out of the TCB configuration.

To enable Trusted Systems from within SAM, you would navigate from the Main Menu - Auditing and Security and then to any of the four sub-menus titled "Audited Events," "Audited System Calls," "Audited Users," or "System Security Policies."

http://docs.hp.com/en/B2355-90950/ch08s08.html
Raj D.
Honored Contributor

Re: trusted system

Rajesh,
Using command prompt to convert into trusted mode :
# cd /usr/lbin
# ./tsconvert

To verify trusted sytem:
# cd /usr/lbin ; ./getprpw username

More info: HP-UX Trusted System reference: http://docs.hp.com/en/B2355-90121/ch01s02.html


Hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Sajith P V
Advisor

Re: trusted system

use /etc/tsconvert -c to convert to trusted mode.
users with passwd more than eight characters will not be able to login after conversion unless they enter upto eight characters only.


Sajith P V
Advisor

Re: trusted system

sorry..
run /usr/lbin/tsconvert - c instead of /etc/tsconvert -c
Bill Hassell
Honored Contributor

Re: trusted system

> run /usr/lbin/tsconvert -c

The reason that SAM is preferred is that this command will indeed convert to Trusted but expires *ALL* passwords. If you use this method, you must follow the conversion with:

/usr/lbin/modprpw -V

NOTE: That is a capital V not lowercase v.


Bill Hassell, sysadmin
rajesh73
Super Advisor

Re: trusted system

Hi Bill

If iam suppose convert to trustmode my root password is disabled?
What can I do?
Dennis Handly
Acclaimed Contributor

Re: trusted system

>my root password is disabled?

Logon from the console.
Also, have multiple windows to the machine and use one to test while staying on root with another.
Johnson Punniyalingam
Honored Contributor

Re: trusted system

>>If iam suppose convert to trustmode my root password is disabled?
What can I do?<<<

Looks like you assume ? I am right ?

If yes, you need boot the Server single user mode

Interput ISL> hpux -is
> bo pri

# /usr/lbin/modprpw -k root (enable root account)

or

# cd /tcb/files/auth/r
# vi root

pwd "filed" erase
Problems are common to all, but attitude makes the difference
Raj D.
Honored Contributor

Re: trusted system

Rajesh,

>if root password is disabled?
What can I do?

keep few root session open :
And you can alaways enable the root password using #/usr/lbin/modprpw -k root

" If u think u can , If u think u cannot , - You are always Right . "
rajesh73
Super Advisor

Re: trusted system

HI All

Thank u 4 ur valuable suggestions

I opened multiple section before trusting the system

After trusted i have tried this command #/usr/lbin/modprpw -k root
and than changed the passwd now my server is trusted

Thanku
rajesh
Suraj K Sankari
Honored Contributor

Re: trusted system

Hi,
If your root or any user account goes disable use this command
#/usr/lbin/modprpw -l -k username

Always create a root equivalent account or implement sudo.

Suraj
rajesh73
Super Advisor

Re: trusted system

Ok, surely now iam enabling sudo to this server

thank you