Disable unix accounts

 
SOLVED
jerry1
Super Advisor

Disable unix accounts

Does anyone know how to set auto disabling of a unix account after N number of failed login attempts?

Patrick Wallek
Honored Contributor
Solution

Re: Disable unix accounts

The system has to be converted to a trusted system in order to do this. This can be done through the security policies for each user or with the /usr/lbin/modprpw command.

To convert your system to trusted you can use SAM, or /usr/lbin/tsconvert.

If you cannot convert to trusted, then this cannot be done.
David DeWitt_2
Frequent Advisor

Re: Disable unix accounts

If you're in a situation like mine you are not allowed to set up trusted systems. You may be able to script something to run a comparison of the output from "last" and "lastb". Upon determining N consecutive failures the script could restrict the account. Unfortunately, this would probably be fairly difficult and would be less than timely. IE: if you scheduled it in cron to run a check every 5 minutes then it will be up to 5 minutes before an account is deactivated (during an attack?). Perhaps one of the gurus here knows of a better timing mechanism than cron... Maybe a system process that takes place at login attempt?
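The consecutive-failure check described in the reply above, as an added example that is not part of any poster's reply and is not the script mentioned elsewhere in this thread. It assumes the `last` and `lastb` records have already been normalised and merged into "epoch, result, user" lines; `sample_events` and `flag_accounts` are hypothetical names and the event data is constructed.

```shell
#!/bin/sh
# Constructed sample events, one per line: "<epoch> <OK|FAIL> <user>".
# Assumption: lastb (FAIL) and last (OK) records were already normalised
# to this form and merged; that normalisation step is not shown here.
sample_events() {
cat <<'EOF'
1700000120 FAIL alice
1700000000 FAIL alice
1700000060 FAIL alice
1700000010 FAIL bob
1700000070 FAIL bob
1700000130 OK bob
1700000190 FAIL bob
1700000020 FAIL root
1700000080 FAIL root
1700000140 FAIL root
1700000030 FAIL carol
1700000090 OK carol
EOF
}

# flag_accounts N [EXEMPT]: read events on stdin and print, sorted, every
# user whose latest N or more events are failures with no success between.
# EXEMPT is a space-separated list of users never reported (default: root,
# so failed root logins cannot be used to lock the administrator out).
flag_accounts() {
    threshold=$1
    exempt=${2-root}
    sort -n -k1,1 | awk -v n="$threshold" -v skip="$exempt" '
        BEGIN { count = split(skip, names, " ")
                for (i = 1; i <= count; i++) exempt[names[i]] = 1 }
        $3 in exempt { next }
        $2 == "OK"   { streak[$3] = 0; next }   # success resets the run
        $2 == "FAIL" { streak[$3]++ }
        END { for (u in streak) if (streak[u] >= n) print u }
    ' | sort
}

# Report only; locking the account (e.g. via cron) is left to the operator.
sample_events | flag_accounts 3
```

A successful login between failures resets the count, so an account with scattered failed attempts is not reported.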
Steven E. Protter
Exalted Contributor

Re: Disable unix accounts

This script can be modified to check the /var/adm/btmp file and disable any account.

The account disable feature is commented out because I use it to report bad root logins to myself.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Hoang Chi Cong_1
Honored Contributor

Re: Disable unix accounts

Hi Jerry Moore.
Yep, you can convert your system to a *Trusted system*.
First, check that the trusted system software has been installed on your system:
#swlist -l product SecurityMon

In a trusted system, there are some disadvantages.
For example:
- The trusted systems functionality stores user passwords in a series of special-format database files under the /tcb directory structure. NIS is unaware of the /tcb directory, so trusted systems may not be used in conjunction with NIS.
- Some applications attempt to directly read or modify the /etc/passwd file, so they may not work on trusted systems. Thus, you should check all of the applications that are running on your systems.

And as I see in our forum: If you forgot the root password in a trusted system, it is *VERY* to recover the root password...
:):)
Anyway, good luck to you (and of course, you can *Unconvert a trusted system*)

Hope this helps
Regards,
HoangChiCong
Looking for a special chance.......
Hoang Chi Cong_1
Honored Contributor

Re: Disable unix accounts

Sorry for pressing the submit button a bit too quickly......

I have a strong recommendation for you:
After converting to a trusted system, you should make a full system backup.
And the easiest way to convert to a trusted system is by using SAM.
Here are the steps:
SAM--->Auditing and Security--->Audited Events (in HP-UX 11i).

Best regards,
HoangChiCong

Looking for a special chance.......
Hoang Chi Cong_1
Honored Contributor

Re: Disable unix accounts

And one more.....
After converting to a trusted system, to disable a unix account after N failed login attempts, just follow these steps:
SAM-->Auditing and Security
-->System Security Policies
-->Terminal Security Policies

And you can define how many login attempts are allowed with this field: "Unsuccessful Login Tries Allowed"

Hope that is everything that you need.

HAPPY NEW YEAR
HoangChiCong


Looking for a special chance.......
Indira Aramandla
Honored Contributor

Re: Disable unix accounts

Hi Jerry,

Yes, if you convert your system to a Trusted System, by default the system will disable a unix account after 3 unsuccessful / failed login attempts.


Indira A
Never give up, Keep Trying