HPE Community
Operating System - HP-UX
1830470 Members
2711 Online
110005 Solutions
New Discussion

few questions for security checklist

 
Jessica_37
Occasional Contributor

‎09-08-2005 09:33 AM

‎09-08-2005 09:33 AM

few questions for security checklist

1. what is /etc/aliases, why need remove it for some security reason?

2. what is GSP level (press Ctrl-B on cosole)?

3. If the system is not "Trusted System" how to check whether a user account is locked or not? (* in encrypted password field?)
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎09-08-2005 10:01 AM

‎09-08-2005 10:01 AM

Re: few questions for security checklist

/etc/aliases is a sendmail configuration file.

It lets you set up alternate email addresses for users, even used to forward mail to other servers

barry: barrrybud@somewhere.com
bin: root



This configuration forwards local user barry to barrybud@somewhere.com

Notice the second entry(from a linux box) bin: forwarded to root.

You DO NOT want to just delete this file.

2. GSP Ctrl-B is how you switch you console to GSP mode. This gives you the ability to force crash dumps, reset the system and do all kinds of system function. GSP is a card with cpu and limited memory in your system that will keep running even if the rest of the system is crashed.

3. passwd -sa

that command will provide you a report.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-08-2005 01:01 PM

‎09-08-2005 01:01 PM

Re: few questions for security checklist

1. /etc/aliases is not a security risk unless a root user changes the permissions and ownership potentially diverting important root email. If someone suggests that this file should be removed, ask the exact reason.

2. The GSP (Guardian Service Processor) is a separate computer which monitors the hardware. It is powered on whenever the power plug is in the wall and can power the main processor on/off, monitor selftests, log hardware errors, set boot options, etc.

3. In a non-trusted system, a user account not locked in the same way as a Trusted system. A locked user name is simply one that doesn't have a valid password. The password field must have exactly 13 password characters so if it is shorter then the account is reported as locked. Typically, tools like SAM will just put * in the password field but you could change the * to LOCKED and it would have the same effect.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.