1830048 Members
20546 Online
109998 Solutions
New Discussion

HPUX equivalency to AIX

 
SOLVED
Go to solution
Bryan D. Quinn
Respected Contributor

HPUX equivalency to AIX

Hello,

Is there an HPUX file that is equivalent to the /ETC/SECURITY/USER file in AIX?

A request for this file is being made by our corporate auditor.

Thanks,
-Bryan
14 REPLIES 14
Steven E. Protter
Exalted Contributor

Re: HPUX equivalency to AIX

Maybe /etc/default/security

For us HP-UXers eager to help you might tell us what the file does on AIX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Robert-Jan Goossens
Honored Contributor

Re: HPUX equivalency to AIX

Hi Bryan,

Check this page, it is grate :-)

http://www.rudiment.dk/~incore/UnixFlavours.html

/etc/securetty

Hope this helps,
Robert-Jan

Robert-Jan Goossens
Honored Contributor

Re: HPUX equivalency to AIX

s/grate/great

0 points PLEASE
John Poff
Honored Contributor
Solution

Re: HPUX equivalency to AIX

Hi,

There isn't an equivalent file in HP-UX. The /etc/security/user file in AIX is an ASCII file with entries for attributes for each user. Some of the attributes can be handled in HP-UX with the 'passwd' command.

Here is a link to a page that explains the /etc/security/user file in AIX 4:

http://nscp.upenn.edu/aix4.3html/files/aixfiles/user.htm

JP
Abdul Rahiman
Esteemed Contributor

Re: HPUX equivalency to AIX

Bryan,

Our auditors too asked for the same file on HP-UX and I think the AIX /etc/security/user file is for the user security parameters like password expiry, login retries, nu. of characters etc..

I think in HP-UX, it would be the files under /tcb/files/auth/* and /tcb/files/auth/system/*.

# man authcap, for more info.

Abdul.
No unix, no fun
Bryan D. Quinn
Respected Contributor

Re: HPUX equivalency to AIX

Thanks everybody!

Steven- I am not familiar with what the file does on AIX, the auditor sent me a copy of the file saying he needed the equivalent for our system (which is HPUX). I didn't think there was an equivalent, but wanted to make sure before I told the auditor such.

John- I was pretty sure there was not an equivalent, but wanted more senior admins to verify this with.

I am the only HPUX admin here and you guys are my support when there are questions I can't answer. So thanks everyone for your responses.

-Bryan
Steven E. Protter
Exalted Contributor

Re: HPUX equivalency to AIX

Tough Spot Bryan.

The auditors need to explain the functionality of the file then. We had a security audit and when they started asking solaris or linux questions my response was the same.

Tell me what the file does and I'll let you know what the equivalent file is in HP-UX, if it exists.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bryan D. Quinn
Respected Contributor

Re: HPUX equivalency to AIX

Steven,

I am not an AIX admin, I am an HPUX admin so I am not familiar with this file. This file was given to the auditor by another division of our company (which runs AIX) and he wanted to know if we have anything equivalent to it. But from what I see in the file, it tracks user authorities, locks, expirations, login times....basically very detailed information about user access. I have never seen anything like it in HPUX, but knowing I am not all knowing I thought I would ask you guys and gals.

Thanks for all responses!
-Bryan
Dave Wherry
Esteemed Contributor

Re: HPUX equivalency to AIX

No points please. Just adding an old war story.

In my experience auditors are frustrated Sys. Admins who were not up to snuff, or, accountants who are IT wannabes.

I had an audit and the only thing they nicked me on was that there was not a fire extinguisher in the computer room. I countered that there was one just outside the door. They insisted that it had to be inside. My last counter was that if I was in the room and a fire broke out I could quickly get to the extinguisher. If I walked up and saw a fire inside, I wasn't going in to get it and the room would go up in flames.

They wouldn't budge and that was my only negative mark so I guess overall it was a successful audit.
Bryan D. Quinn
Respected Contributor

Re: HPUX equivalency to AIX

Hey Dave,

I couldn't help it, I had to give you atleast a couple of points. Thanks for the story and as for your description of auditors....I think you hit the nail on the head.

Thanks,
-Bryan
Jeff Schussele
Honored Contributor

Re: HPUX equivalency to AIX

Hi Bryan,

Well there's no equivalent in a single HP-UX file, but the equivalents would be in
/tcb/files/auth/system/default
where time values are held as well as unsuccessful attempts and such
And the following file
/etc/default/security
where history & PW character composition are defined.
Of course the system *must* be in trusted mode for most of these to apply.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Bryan D. Quinn
Respected Contributor

Re: HPUX equivalency to AIX

Thanks Jeff,

That pulled it all together for me. My next question was going to be, why don't I have those files...but your Trusted Mode explanation knocked that question out. We are not running a Trusted system, so my initial response to the auditor was correct.

Although I am sure after he reports back to corporate, they will want us on a Trusted system.

Thanks again.
-Bryan
R. Sri Ram Kishore_1
Respected Contributor

Re: HPUX equivalency to AIX

Hi Bryan,

I too think that there is no equivalent file for /etc/security/user on HP-UX. This file controls the access to services user-wise. In HP-UX you can only control access service- wise. That is, you can only mention if a particular service can be accessed by a user or not. However, for any user, it is not possible to specify the services he/she can or cannot access, as in the /etc/security/user file.

The following link says that the Solaris equivalent of /etc/security/user in AIX is /etc/pam.conf (I have quoted this because pam.conf is very much the same in both Solaris and HP-UX):
http://www-1.ibm.com/servers/aix/products/aixos/whitepapers/aixmapping.html

The pam.conf file isn't the direct equivalent of /etc/security/user but in a way tries to achieve the same objective... ie., control access to services.

HTH,
Sri Ram
"What goes up must come down. Ask any system administrator."
Ted Buis
Honored Contributor

Re: HPUX equivalency to AIX

Before you let decide to use trusted mode or decide that HP-UX doesn't have equivalent functionality, I suggest that you review HP-UX option at this site: http://www.hp.com/products1/unix/operating/security/index.html#system
The raise your own questions like; does AIX offer IP filtering or intrusion detection as is available standard in HP-UX 11i? What about Bastille for AIX? If you need ACLs then you want Trusted Mode. So if the question is whether HP-UX has ACLs then the answer is yes.
Mom 6