HPE Community
Operating System - HP-UX
1834625 Members
3402 Online
110069 Solutions
New Discussion

Re: lastb command to wrk....for ordinary users...

 
SOLVED
Go to solution
chindi
Respected Contributor

‎09-14-2008 11:59 PM

‎09-14-2008 11:59 PM

lastb command to wrk....for ordinary users...

hi,
i would like lastb command to wrk for ordinary users....

how do i make it available to all ordinary users...just for a exercise...
i know its a big security threat but still would like to do it...for my development server.....

hpux 11i v2...
root #/var/adm >ls -lrt *tmp*
-rwxr-xr-x 1 root sys 280 Jul 24 18:45 wtmpx
-rwxr-xr-x 1 root other 741780 Sep 15 13:10 btmp
-rwxr-xr-x 1 root other 11230048 Sep 15 13:10 btmps
-rwxr-xr-x 1 adm adm 5256840 Sep 15 13:26 wtmp
-rw-rw-r-- 1 adm adm 138667360 Sep 15 13:26 wtmps


rx46460...

Regards,
Tejas
0 Kudos
Reply
17 REPLIES 17
Ivan Krastev
Honored Contributor

‎09-15-2008 12:12 AM

‎09-15-2008 12:12 AM

Re: lastb command to wrk....for ordinary users...

Just install and configure sudo. After that enable lastb via sudo.

regards,
ivan
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎09-15-2008 12:56 AM

‎09-15-2008 12:56 AM

Re: lastb command to wrk....for ordinary users...

Why do you want to enable lastb(1)? If it is a development server don't you all have root? :-)

This isn't just some "just for a exercise".
0 Kudos
Reply
chindi
Respected Contributor

‎09-15-2008 01:04 AM

‎09-15-2008 01:04 AM

Re: lastb command to wrk....for ordinary users...

hi Dennis,
WE do have sudo installed....
but i wuld like to enable it for all users..without sudo ..
is it possible or not ????
0 Kudos
Reply
Kenan Erdey
Honored Contributor

‎09-15-2008 01:21 AM

‎09-15-2008 01:21 AM

Re: lastb command to wrk....for ordinary users...

hi,

if you change /var/adm/btmp file's permission it's possible. but as this file contain password information it is a security hole.
Computers have lots of memory but no imagination
0 Kudos
Reply
chindi
Respected Contributor

‎09-15-2008 01:25 AM

‎09-15-2008 01:25 AM

Re: lastb command to wrk....for ordinary users...

Hi Kenan,
so what permissions i should be giving to it...

I know its a hole....but since its a development server...its fine....

Regards,
chindi
0 Kudos
Reply
Kenan Erdey
Honored Contributor

‎09-15-2008 01:37 AM

‎09-15-2008 01:37 AM

Re: lastb command to wrk....for ordinary users...

put users into a group i.e group_name then

chown root:group_name /var/adm/btmp
chmod 660 /var/adm/btmp
Computers have lots of memory but no imagination
0 Kudos
Reply
chindi
Respected Contributor

‎09-15-2008 01:45 AM

‎09-15-2008 01:45 AM

Re: lastb command to wrk....for ordinary users...

Hi Kenan,

g1 /var/adm > ll *tmp*
-rw-rw---- 1 root sgr 741780 Sep 15 13:10 btmp



g1 /home/g1 > lastb -R|grep sud
g1 /home/g1 > id
uid=223(g1) gid=108(sgr)



root #/var/adm >lastb -R|grep sud|head -2
sud ssh:notty 10.1.4.190 Fri Sep 12 13:35
sud ftp 10.1.4.163 Thu Sep 11 16:26




0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎09-15-2008 02:24 AM

‎09-15-2008 02:24 AM

Re: lastb command to wrk....for ordinary users...

You could also change the permissions on the btmps file so everyone can read it. It appears this was the case in your initial listing.

You should immediately remove execute permission from your ?tmp* files.
0 Kudos
Reply
Kenan Erdey
Honored Contributor

‎09-15-2008 02:24 AM

‎09-15-2008 02:24 AM

Re: lastb command to wrk....for ordinary users...

try log out and log in again. tried and worked for me.
Computers have lots of memory but no imagination
0 Kudos
Reply
chindi
Respected Contributor

‎09-15-2008 02:29 AM

‎09-15-2008 02:29 AM

Re: lastb command to wrk....for ordinary users...

Hi Keenan,Dennis,

when i run lastb from that user i am getting

g1 /home/g1 > lastb
lastb can be invoked only by root. Exiting ....
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎09-15-2008 02:39 AM

‎09-15-2008 02:39 AM

Re: lastb command to wrk....for ordinary users...

>lastb can be invoked only by root.

Then you'll have to make a copy of lastb and turn it into a setuid root executable.
0 Kudos
Reply
chindi
Respected Contributor

‎09-15-2008 02:49 AM

‎09-15-2008 02:49 AM

Re: lastb command to wrk....for ordinary users...

Hi Dennis,


root #/usr/bin >ll /usr/bin/lastb
-rwsr-xr-x 2 bin bin 46772 Dec 22 2004 /usr/bin/lastb


even after this its not executing....
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-15-2008 02:51 AM

‎09-15-2008 02:51 AM

Solution

Re: lastb command to wrk....for ordinary users...

I believe the lastb command (actually it is the last command with a link to lastb) checks internally for the root user. And for good reason. To allow ordinary users to view failed login attempts is a terrible security risk. It is very common for users to type their password when the prompt is for user. This mistake is recorded in the btmp file. So by using the timestamp of the failed login, the next successful login is probably the real user -- and now the user and the password are known to everyone.

So it is a very bad idea to circumvent these restrictions. You can give users a special alias called something like retrylist that is hardcoded to their personal login. That way, only bad logins using their correct username will be shown, something like this:

alias retrylist="sudo lastb -R $(id -un)"

You don't want users browsing all the failed logins...


Bill Hassell, sysadmin
Reply
Dennis Handly
Acclaimed Contributor

‎09-15-2008 02:53 AM

‎09-15-2008 02:53 AM

Re: lastb command to wrk....for ordinary users...

>even after this its not executing

Of course not. To make a setuid root executable you have to use chmod and chown. There may be a specific ordering.
0 Kudos
Reply
chindi
Respected Contributor

‎09-15-2008 03:14 AM

‎09-15-2008 03:14 AM

Re: lastb command to wrk....for ordinary users...

Hi guys,
Its ok i have decided to leave it,since its a bit tedious one...and also a big security hole as pointed by all of u guys ( Bill,Dennis,Kenan).....




Regards,
Chindi....
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎09-15-2008 02:18 PM

‎09-15-2008 02:18 PM

Re: lastb command to wrk....for ordinary users...

>ME: To make a setuid root executable

While you can do this, it won't work:
$ ll lastb
-r-sr-xr-x 1 root sys 46764 Sep 15 15:12 lastb*
$ ./lastb
lastb can be invoked only by root. Exiting ....
0 Kudos
Reply
Sandeep_Chaudhary
Trusted Contributor

‎09-15-2008 08:36 PM

‎09-15-2008 08:36 PM

Re: lastb command to wrk....for ordinary users...

I am totally agree with Evan. Use s"sudo" for thi spurpose. I dont recomment u to change permission of files.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.