
Modem Security

 
Rushank
Super Advisor

Modem Security

Hello,

I would like to configure a modem for dial-in on D box with 10.20. This is a trusted system and I would like to configure modem with security feature.

Most of the docs on this site explain /etc/d_passwd and /etc/dialups.
But both files are not present in this directory. I tried creating the d_passwd file with passwd -F /etc/d_passwd /usr/bin/ksh without any success.
A step-by-step help would be highly appreciated. Also let me know if there are any other security features available for modem.

Thanks in advance
S.K. Chan
Honored Contributor

Re: Modem Security

To add a single dialup password for any port listed in the /etc/dialups file, perform the following steps:

1. Edit /etc/dialups to add a list of dialin ports for which you want to have a dialup password. For example:

/dev/ttyd0p7
/dev/ttyd0p1

2. Edit /etc/d_passwd to look like:

/usr/bin/sh::comment

where the first field is the shell to be used, the second field is reserved for an encrypted password, and the third field is comment.

3. Add the password to /etc/d_passwd using the following command:

# passwd -F /etc/d_passwd /usr/bin/sh

This prompts for the password.
Rushank
Super Advisor

Re: Modem Security

Chan,

I've read this doc. The problem is I don't have these files in my /etc/ directory (d_passwd and dialups). Do I need to create these files?

I tried creating the d_passwd file and then executed the passwd -F option (passwd -F /etc/d_passwd /bin/sh). I'm getting an error saying invalid login.
S.K. Chan
Honored Contributor

Re: Modem Security

Yes you need to create /etc/dialups and /etc/d_passwd. These files should be owned by root:root and permission 600.

I'm not sure if this would make a difference but try it anyway .. try using /usr/bin/sh in both the d_passwd file entry and the passwd command.
Rushank
Super Advisor

Re: Modem Security


I created the file d_passwd with the touch command, with 600 permissions,
and when I run passwd -F /etc/d_passwd /usr/bin/sh I get invalid login.

Geno Church
Frequent Advisor

Re: Modem Security

Try this...

The problem lies in the length of the loginname.

And there is a patch out that addresses this bug. If you don't have this patch then apply it.

PHCO_13734

No reboot is required.

Geno-HP
Real Eyes Realize Real Lies
Rushank
Super Advisor

Re: Modem Security

Patch is already there.. Problem remains..
S.K. Chan
Honored Contributor

Re: Modem Security

Ok .. try this entry in the /etc/d_passwd file instead. This is the "workable" password entry format in HPUX11.x but you're running 10.20...so I'm not sure if this will work, but at this point you've got nothing to lose.

/sbin/sh::0:0:comment::
S.K. Chan
Honored Contributor

Re: Modem Security

Sorry it should be ..

/usr/bin/sh::0:0:comment::
Rushank
Super Advisor

Re: Modem Security

Hi,

Tried that, but when I use passwd -F /etc/d_passwd /usr/bin/sh
I get invalid login name

S.K. Chan
Honored Contributor

Re: Modem Security

This is what I found out ..

Quote ..
The problem was introduced onto your system with the application of patch PHCO_10274 (superseded by PHCO_13734). One of the fixes in the patch was for a security problem. In this fix, there was a check added for an 8 character username in /etc/passwd. When dialup security is invoked, login requests an additional password, and checks it against that found in /etc/d_passwd. The command name found in the ``program to use as shell'' field of /etc/passwd is used to select the password to be used. With the SVR4 file system, it now has path names to shells that exceed the 8 character limit.

The workaround is to use a bogus "program to use as shell".

In /etc/d_passwd you need something like:

shell::comment

Then run passwd:

passwd -F /etc/d_passwd shell

After the password has been changed, edit /etc/d_passwd to have the path to the real shell that you want to use.
Unquote ..

Good Luck
Rushank
Super Advisor

Re: Modem Security

Yes that worked.. But how do I add users in this d_passwd file..?

S.K. Chan
Honored Contributor

Re: Modem Security

Example :-

1) Edit /etc/d_passwd to look something like this list:
shell1::comment
shell2::comment
/usr/bin/sh::comment
Note: Remember, shell1 to 3 is dummy shell. I am assuming you've got the first part done (ie set up /usr/bin/sh line with password)

2) Run ..
# passwd -F /etc/d_passwd shell1
# passwd -F /etc/d_passwd shell2

3) Create links for the users to their shells:
# ln -s /usr/bin/sh /usr/bin/uss1
# ln -s /usr/bin/sh /usr/bin/uss2

4) Edit the /etc/passwd and /etc/d_passwd files so that the shell is listed with the new links:
# vi /etc/passwd
dialup1::111:20:comment,,,:/home/dialup1:/usr/bin/uss1
dialup2::112:20:comment,,,:/home/dialup2:/usr/bin/uss2
# vi /etc/d_passwd
/usr/bin/uss1::comment
/usr/bin/uss2::comment
/usr/bin/sh::comment
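
An added audit script (not part of the thread and not HP tooling) for the files set up in the replies above: it flags a d_passwd entry whose password field is still empty, an entry still carrying a placeholder name from the workaround, a login shell in passwd with no d_passwd entry, and a file that is not root-owned with mode 600. File paths are arguments so it can run on copies; the finding labels and the sample data are constructed for this example.

```shell
#!/bin/sh
# Added example: audit copies of /etc/d_passwd and /etc/passwd.
# Finding names (EMPTY_PASSWORD, ...) are made up for this script.

# Flag a file that is missing, not mode 600, or not owned by uid 0.
audit_file_mode() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 0; }
    set -- $(ls -ln "$f")          # field 1 = mode string, field 3 = owner uid
    case $1 in
        -rw-------*) ;;
        *) echo "BAD_MODE $f $1" ;;
    esac
    [ "$3" = 0 ] || echo "NOT_ROOT_OWNED $f uid=$3"
    return 0
}

# d_passwd line: shell:encrypted password:comment
# passwd line:   field 7 is the program to use as shell
audit_dpasswd() {
    awk -F: '
        FILENAME == ARGV[1] {
            if ($0 == "") next
            listed[$1] = 1
            if ($2 == "")    print "EMPTY_PASSWORD " $1
            if ($1 !~ /^\//) print "PLACEHOLDER_NAME " $1
            next
        }
        $7 != "" && !($7 in listed) { print "NO_DPASSWD_ENTRY " $1 " " $7 }
    ' "$1" "$2"
}

# Constructed sample data (password strings are dummies, not real hashes).
make_sample() {
    printf '%s\n' 'shell1:XXdummyhash01:comment' \
        '/usr/bin/uss1::comment' \
        '/usr/bin/sh:XXdummyhash02:comment' > "$1/d_passwd"
    printf '%s\n' 'dialup1:*:111:20:comment,,,:/home/dialup1:/usr/bin/uss1' \
        'dialup2:*:112:20:comment,,,:/home/dialup2:/usr/bin/uss2' > "$1/passwd"
    chmod 644 "$1/d_passwd"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    audit_file_mode "$d/d_passwd"
    audit_dpasswd "$d/d_passwd" "$d/passwd"
    rm -rf "$d"
fi
```

Run it with `--demo` to see the findings for the constructed sample, or call the two functions on copies of the real files.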
Rushank
Super Advisor

Re: Modem Security

Why is it that I get all garbage when I connect to the remote box? What is the right cable? The modem is connected to the serial port of the D box (9-pin) and to the modem (25-pin).

harry d brown jr
Honored Contributor

Re: Modem Security

Rushank,

Have you looked into dial-back modems?

http://rr.sans.org/unix/sec_HPUX.php

live free or die
harry
Live Free or Die