Operating System - HP-UX

converting system in to trusted one

 
madhudeepan
Frequent Advisor


How do I convert the system into a trusted one? What is the procedure?
Aneesh Mohan
Honored Contributor

Re: converting system in to trusted one

Hi,

The recommended way is to use SAM/SMH to convert the system into trusted mode.

This is my script, which I prepared for one of my clients to do the same task.

# Trusted Mode
echo
echo "Converting the system in to trusted mode ..."

# One timestamp shared by every backup copy made below
TS=`date +%Y%m%d%H%M%S`

# Create and mount a dedicated 5000 MB VxFS volume on /.secure for the audit files
/usr/sbin/lvcreate -L 5000M -n secure /dev/vg00
/usr/sbin/newfs -F vxfs /dev/vg00/rsecure
mkdir /.secure
cp /etc/fstab /etc/fstab_$TS
echo "/dev/vg00/secure /.secure vxfs delaylog,largefiles 0 2" >> /etc/fstab
/usr/sbin/mountall
mkdir /.secure/etc
# Root-only access; directories need the search (x) bit, so 700 rather than 600
chmod -R 700 /.secure

# Back up /etc/passwd, then convert the system to trusted mode.
# The backup still contains the password hashes, so make it readable by root only.
cp /etc/passwd /etc/passwd_$TS
chmod 600 /etc/passwd_$TS
/etc/tsconvert -c
/usr/lbin/modprpw -V
/etc/tsconvert -p

# Turn auditing on with audfile1 as the current audit file and audfile2 as the next one,
# and audit all users
cd /.secure/etc
/usr/sbin/audsys -n -c audfile1 -s 1048576 -x audfile2 -z 1048576
/usr/sbin/audsys -n
/usr/sbin/audusr -A

# Enable auditing at boot. The file is rewritten from its backup copy instead of going
# through a predictable name in /tmp, which also keeps its owner and mode unchanged.
cp -p /etc/rc.config.d/auditing /etc/rc.config.d/auditing_$TS
sed 's/AUDITING=0/AUDITING=1/g' < /etc/rc.config.d/auditing_$TS > /etc/rc.config.d/auditing
# Show the resulting audit status
/usr/sbin/audsys

echo "Verify that no UID 0 Account exists Other than root"

awk -F: '($3 == 0) { print "UID 0 Accounts are Below. Please do block if its not necessary\n" $1 }' /etc/passwd


echo "Setting Password expiry (must expire after 42 days and warn 7 days) for root account"

passwd -x 42 -w 7 root


echo "===================================================================="
echo " The system has been converted to Trusted Mode "
echo "===================================================================="




Aneesh
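
A post-conversion check to go with the script above, as an added example that is not part of the original post. It flags UID 0 accounts other than root, entries whose password field is not "*" (on a trusted system the hashes are kept in the protected password database instead of /etc/passwd), and an auditing file that does not set AUDITING=1. The function names and sample accounts are constructed for illustration.

```shell
#!/usr/bin/sh
# Post-conversion checks (added example). Each function takes the file to
# inspect, so the checks can also be run against copies.

# Print every account with UID 0 other than root.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print accounts whose password field is not "*": after conversion the hash
# belongs in the protected database, so anything else was left behind.
unconverted() {
    awk -F: 'NF >= 7 && $2 != "*" { print $1 }' "$1"
}

# Succeed only if the rc config file enables auditing at boot.
auditing_enabled() {
    grep -q '^[[:space:]]*AUDITING=1' "$1"
}

# usage: check_trusted <passwd-file> <auditing-file>
# Prints findings and returns the number of failed checks (0 = all passed).
check_trusted() {
    fails=0
    u0=$(extra_uid0 "$1")
    [ -z "$u0" ] || { echo "extra UID 0 accounts: $u0"; fails=$((fails + 1)); }
    uc=$(unconverted "$1")
    [ -z "$uc" ] || { echo "password still in passwd file: $uc"; fails=$((fails + 1)); }
    auditing_enabled "$2" || { echo "AUDITING is not 1 in $2"; fails=$((fails + 1)); }
    return $fails
}

# Constructed sample data (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'toor:*:0:3::/:/sbin/sh' \
    'appuser:aB3dEfGhIjKlM:101:20::/home/appuser:/usr/bin/sh' > "$demo/passwd"
echo 'AUDITING=0' > "$demo/auditing"
check_trusted "$demo/passwd" "$demo/auditing" || echo "failed checks: $?"
rm -rf "$demo"
```

On a converted system it would be called as check_trusted /etc/passwd /etc/rc.config.d/auditing.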
Aneesh Mohan
Honored Contributor

Re: converting system in to trusted one