HPE Community
Operating System - HP-UX
1834642 Members
3242 Online
110069 Solutions
New Discussion

Bastille problem

 
SOLVED
Go to solution
Sauvik Basu
Advisor

‎07-03-2006 12:31 AM

‎07-03-2006 12:31 AM

Bastille problem

Hi,
We had used Bastille to harden our HP-UX servers.Today afternoon onwards no user is able to login and the error message is "Account is disabled - see Account Administrator".Even logging from the console has stopped with the same error.Also,root login is facing the same problem.Can anyone suggest some way out?
Thanks in advance,
Sauvik Basu.
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎07-03-2006 12:42 AM

‎07-03-2006 12:42 AM

Solution

Re: Bastille problem

Shalom Sauvik,

You choose the option to convert your system to trusted. This sets a hard limit, 90 days on how long an account can remain in use without a password change.

Probably password changes were not enforced before the conversion.

root login should re-enable the root account on all login modes.

Your accounts are expired even if you convert back from trusted mode to normal.

I suggest you login as root and use sam to set general system policy.

Then:
cp /etc/passwd /tmp/userlist

while read -r DATA
do
user=$(echo $DATA | awk -F: '{print $1}'
passwd -n 7 -w 7 -x 90 $user


done < /tmp/userlist


# You probably will need a modprpw command to this loop to unlock the user.

rm -f /tmp/userlist

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Sauvik Basu
Advisor

‎07-03-2006 12:53 AM

‎07-03-2006 12:53 AM

Re: Bastille problem

Thanks for your advice.But.I am not able to login as root through telnet session or from console.Any idea as to how I can do that?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.