- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Modem Security
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 08:21 AM
01-18-2002 08:21 AM
Modem Security
I would like to configure a modem for dial-in on D box with 10.20. This is a trusted system and I would like to configure modem with security feature.
The most of the docs on this site explains about /etc/d_passwd and /etc/dialups.
But both the files are not present in this directory. I tried creating d_passwd file passwd -F /etc/d_passwd /usr/bin/ksh without any sucess
A step by step help would be highly appriciated. Also let me know if there is any other security features available for modem.
Thanks in advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 08:39 AM
01-18-2002 08:39 AM
Re: Modem Security
1. Edit /etc/dialups to add a list of dialin ports for which you want to have a dialup password. For example:
/dev/ttyd0p7
/dev/ttyd0p1
2. Edit /etc/d_passwd to look like:
/usr/bin/sh::comment
where the first field is the shell to be used, the second field is reserved for an encrypted password, and the third field is comment.
3. Add the password to /etc/d_passwd using the following command:
# passwd -F /etc/d_passwd /usr/bin/sh
This prompts for the password.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 09:19 AM
01-18-2002 09:19 AM
Re: Modem Security
I've read this doc, The problem is I don't have these files in my /etc/ directory (d_passwd and dialups) Do I need to creat this file..?
T tried creating d_passwd file and then executed passwd -F option. (passwd -F /etc/d_passwd /bin/sh) I'm getting an error saying invalied login
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 09:56 AM
01-18-2002 09:56 AM
Re: Modem Security
I'm not sure if this would make a difference but try it anyway .. try using /usr/bin/sh in both the d_passwd file entry and the passwd command.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 11:39 AM
01-18-2002 11:39 AM
Re: Modem Security
I created file d_passwd with touch command with 600 permissions.
and when I run passwd -F /etc/d_passwd /usr/bin/sh I get invalied login
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 12:03 PM
01-18-2002 12:03 PM
Re: Modem Security
The problem lies in the length of the loginname.
ANd there is a patch out that addresses this bug. If you don't have this patch then apply.
PHCO_13734
No reboot is required.
Geno-HP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 01:11 PM
01-18-2002 01:11 PM
Re: Modem Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 01:41 PM
01-18-2002 01:41 PM
Re: Modem Security
/sbin/sh::0:0:comment::
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 01:42 PM
01-18-2002 01:42 PM
Re: Modem Security
/usr/bin/sh::0:0:comment::
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 01:53 PM
01-18-2002 01:53 PM
Re: Modem Security
Tried that but when I use passwd -F /etc/d_passwd /usr/bin/sh
I get invalied login name
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 02:22 PM
01-18-2002 02:22 PM
Re: Modem Security
Quote ..
The problem was introduced onto your system with the application of patch PHCO_10274 (superseeded by PHCO_13734). One of the fixes in the patch was for a security problem. In this fix, there was a check added for an 8 character username in /etc/passwd. When dialup security is invoked, login requests an additional password, and checks it against that found in /etc/d_passwd. The command name found in the ``program to use as shell'' field of /etc/passwd is used to select the password to be used. With the SVR4 file system, it
now has path names to shells that exceed the 8 character limit.
The workaround is to use a bogus "program to use as shell".
In /etc/d_passwd you need something like:
shell::comment
Then run passwd:
passwd -F /etc/d_passwd shell
After the password has been changed, edit /etc/d_passwd to have the path to the real shell that you want to use.
Unquote ..
Good Luck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 02:52 PM
01-18-2002 02:52 PM
Re: Modem Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2002 04:35 PM
01-18-2002 04:35 PM
Re: Modem Security
1) Edit /etc/d_passwd to look something like this list:
shell1::comment
shell2::comment
/usr/bin/sh:
Note: Remember, shell1 to 3 is dummy shell. I am assuming you've got the first part done (ie set up /usr/bin/sh line with password)
2) Run ..
# passwd -F /etc/d_passwd shell1
# passwd -F /etc/d_passwd shell2
3) Create links for the users to their shells:
# ln -s /usr/bin/sh /usr/bin/uss1
# ln -s /usr/bin/sh /usr/bin/uss2
4) Edit the /etc/passwd and /etc/d_passwd files so that the shell is listed with the new links:
# vi /etc/passwd
dialup1:
dialup2:
# vi /etc/d_passwd
/usr/bin/uss1:
/usr/bin/uss2:
/usr/bin/sh:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2002 08:04 AM
01-21-2002 08:04 AM
Re: Modem Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2002 08:11 AM
01-21-2002 08:11 AM
Re: Modem Security
Have you looked into dial-back modems?
http://rr.sans.org/unix/sec_HPUX.php
live free or die
harry