Operating System - HP-UX

Commands or Procedures to Examine Security Policies

 
Donald Osbourne
Occasional Advisor

I am running HP/UX 11.0 with Trusted Host security turned on. Other than using SAM, how can I locate and view the files containing the policy settings? The security auditors are looking for the file names and/or commands that will provide the following info:

General Account Policy, Password Policy on Initial Login, Aging, Time between Change, Maximum Fail Login Attempts and Restricting Root login to the system consoles only.

I thank you for any assistance you can give in uncovering the mystery of Trusted Host and any useful commands that will provide a quick glance at the policies and configuration in force.

Thanks
Don
RAC_1
Honored Contributor

Re: Commands or Procedures to Examine Security Policies

man getprpw.
The trusted database is under /tcb directory.

e.g.
/usr/lbin/getprpw -m lftm "user_name"
will give you the lifetime (days) of the user user_name.

/usr/lbin/getprpw user_name will give all details.

Anil
There is no substitute to HARDWORK
Steven E. Protter
Exalted Contributor

Re: Commands or Procedures to Examine Security Policies

These policies can be provided to the auditors by screen printing the sam screen of the items you just mentioned.

Take the screen print as you check or set these policies. That's the way I make our auditors happy.

In the case of root restrictions, print out the configuration file involved. If the auditors know nothing about HP-UX you may wish to provide them the pages from documentation HP-UX Security in this case or ITRC that explains the configuration files.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sridhar Bhaskarla
Honored Contributor

Re: Commands or Procedures to Examine Security Policies

Hi Don,

I understand that these systems are trusted so

'getprdef' and 'getprpw' can be used to gather the information you are looking for. The corresponding information is in /tcb/files/auth// for individual users and /tcb/files/auth/system/default for systemwide parameters. /etc/passwd and /etc/group files are flat files that will have uid, gid, home, shell entries. last and lastb commands along with /var/adm/su.log and /var/adm/syslog/syslog.log can help identify the successful/unsuccessful login attempts. /etc/securetty determines root's direct login from other than console/CDE. /etc/default/security file will have additional security options. Look for .rhosts, .netrc in each user's home directory and /etc/hosts.equiv for backdoors.

The above are some of the tools/files that may help you in tightening user security. Try "Bastille", which can help you report and configure any security issues in other areas.

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
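
The file checks listed in the reply above (/etc/securetty, /etc/hosts.equiv, and .rhosts/.netrc in each home directory), as an added shell example that is not part of the original thread. The optional ROOT prefix, the function names and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check of the trust files
# named in the reply above. ROOT is an assumed optional prefix so the checks
# can run against a copied file tree; empty means the live system.

# wildcard FILE: true if FILE has a line starting with "+" (trust any host/user).
wildcard() { grep -q '^[[:space:]]*+' "$1" 2>/dev/null; }

# audit_trust_files [ROOT]
# Prints one finding per line as TYPE:path[:detail]; returns 1 if any was found.
audit_trust_files() {
    root="${1:-}"; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # /etc/securetty: root may log in directly only on the devices listed;
    # anything other than "console" (or no file at all) is reported.
    st="$root/etc/securetty"
    if [ ! -f "$st" ]; then
        note "SECURETTY_MISSING:$st"
    else
        extra=$(grep -v '^[[:space:]]*$' "$st" | grep -vx 'console' | paste -s -d ' ' -)
        [ -z "$extra" ] || note "SECURETTY_EXTRA:$st:$extra"
    fi

    # /etc/hosts.equiv: system-wide r-command trust.
    he="$root/etc/hosts.equiv"
    if [ -f "$he" ]; then
        if wildcard "$he"; then note "HOSTS_EQUIV:$he:wildcard"
        else note "HOSTS_EQUIV:$he"; fi
    fi

    # .rhosts / .netrc in every home directory listed in /etc/passwd.
    [ -r "$root/etc/passwd" ] || { echo "PASSWD_UNREADABLE:$root/etc/passwd"; return 2; }
    while IFS=: read -r user _pw _uid _gid _gecos home _shell || [ -n "$user" ]; do
        [ -n "$home" ] || continue
        for f in .rhosts .netrc; do
            p="$root$home/$f"
            [ -e "$p" ] || continue
            if [ "$f" = .rhosts ] && wildcard "$p"; then note "USER_TRUST_FILE:$p:$user:wildcard"
            else note "USER_TRUST_FILE:$p:$user"; fi
        done
    done < "$root/etc/passwd"

    [ "$findings" -eq 0 ]
}
```

Run it as root so every home directory is readable; the one-line-per-finding output can be handed to the auditors alongside the getprpw and getprdef results.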
Donald Osbourne
Occasional Advisor

Re: Commands or Procedures to Examine Security Policies

Thanks guys, the getprpw seems pretty useful. I will have to research the options that will get me all that I need.