HPE Community
Operating System - HP-UX
1833445 Members
2920 Online
110052 Solutions
New Discussion

How to check if a system is trusted or not?

 
SOLVED
Go to solution
dictum9
Super Advisor

‎09-01-2006 08:15 AM

‎09-01-2006 08:15 AM

How to check if a system is trusted or not?

hp-ux 11.23 presumably

ten_points

0 Kudos
Reply
14 REPLIES 14
A. Clay Stephenson
Acclaimed Contributor

‎09-01-2006 08:19 AM

‎09-01-2006 08:19 AM

Solution

Re: How to check if a system is trusted or not?

Check to see if you have a /tcb directory. The system does it via the iscomsec() system call which checks to see if /tcb/files/auth/system/default exists so this is really the test that you should do. Man 2 iscomsec for details.
If it ain't broke, I can fix that.
Reply
IT_2007
Honored Contributor

‎09-01-2006 08:22 AM

‎09-01-2006 08:22 AM

Re: How to check if a system is trusted or not?

check /etc/passwd for 2nd field and if it is * then it is trusted.

check /tcb/files/auth/system directory.
Reply
DCE
Honored Contributor

‎09-01-2006 08:23 AM

‎09-01-2006 08:23 AM

Re: How to check if a system is trusted or not?



If the directory /tcb exists, it is probably trusted.

also, the /etc/passwd file will not contain any encrypted passwords.

Finally, SAM auditing asecurity will not work unless the system is trusted

Reply
A. Clay Stephenson
Acclaimed Contributor

‎09-01-2006 08:25 AM

‎09-01-2006 08:25 AM

Re: How to check if a system is trusted or not?

Wrong Answer:
check /etc/passwd for 2nd field and if it is * then it is trusted

This means nothing. '*' in the passwd hash field of /etc/passwd, by convention, means that the account is locked on an untrusted system. At best '*' means that the system MIGHT be trusted.
If it ain't broke, I can fix that.
Reply
dictum9
Super Advisor

‎09-01-2006 08:42 AM

‎09-01-2006 08:42 AM

Re: How to check if a system is trusted or not?

In a nutshell

has /tcb directory = trusted


does not have /tcb directory NOT trusted

Correct?


0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎09-01-2006 08:45 AM

‎09-01-2006 08:45 AM

Re: How to check if a system is trusted or not?

The nutshell is almost always correct; however, do the same test that the system does and check to see if /tcb/files/auth/system/default exists and you and the OS will always agree that the system is trusted or not.

Again, man 2 iscomsec and READ it this time.
If it ain't broke, I can fix that.
Reply
dictum9
Super Advisor

‎09-01-2006 08:58 AM

‎09-01-2006 08:58 AM

Re: How to check if a system is trusted or not?

OK, that's pretty straightforward.


0 Kudos
Reply
sajeer_2
Regular Advisor

‎09-01-2006 09:07 AM

‎09-01-2006 09:07 AM

Re: How to check if a system is trusted or not?



type
/usr/lbin/getprdef -r

or

Try man iscomsec (to get further information)


sajeer
0 Kudos
Reply
sajeer_2
Regular Advisor

‎09-01-2006 09:13 AM

‎09-01-2006 09:13 AM

Re: How to check if a system is trusted or not?


See this link

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=11108
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-01-2006 01:28 PM

‎09-01-2006 01:28 PM

Re: How to check if a system is trusted or not?

Or with a shell command:

[ -f /tcb/files/auth/system/default ] && echo "System is Trusted" || echo "No, system is not Trusted"


Bill Hassell, sysadmin
0 Kudos
Reply
inventsekar_1
Respected Contributor

‎09-03-2006 07:43 AM

‎09-03-2006 07:43 AM

Re: How to check if a system is trusted or not?

/usr/lbin/getprdef -r

in a not trusted system(11.11),
"System is not trusted."
in a trusted system(11.23),

#/usr/lbin/getprdef -r
NO, 0, 8, 182, 196, -1, 7, YES, YES, NO, NO, NO, YES, 3, 10, 2, 0

i tried man getpredef
no manuals.

1)then how to find out the other options for getpredef??
2.)what information is getprdef returns? what is meant by the above output?
Be Tomorrow, Today.
0 Kudos
Reply
inventsekar_1
Respected Contributor

‎09-03-2006 07:49 AM

‎09-03-2006 07:49 AM

Re: How to check if a system is trusted or not?

Hi /etc,

if the system is already converted to trusted one,

# /usr/lbin/tsconvert
System has already been converted.

if the system is not trusted,
# /usr/lbin/tsconvert
this command will convert the system into trusted one. (be careful. it wont ask yes or no before converting)
some method is there to unconvert. i will post that soon.
Be Tomorrow, Today.
0 Kudos
Reply
nibble
Super Advisor

‎09-03-2006 10:52 PM

‎09-03-2006 10:52 PM

Re: How to check if a system is trusted or not?

use the command "tsconvert" or verify the /etc/passwd, it should have a * in the password field if its trusted already
0 Kudos
Reply
Jaime Bolanos Rojas.
Honored Contributor

‎09-03-2006 11:08 PM

‎09-03-2006 11:08 PM

Re: How to check if a system is trusted or not?

Simplest way to me, check for the present of a /tcb directory, if it exists, then the system should be trusted.

Regards,

Jaime.
Work hard when the need comes out.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.