HPE Community
Operating System - HP-UX
1842288 Members
3168 Online
110188 Solutions
New Discussion

Re: Prevent passwd file from being copy

 
SOLVED
Go to solution
yc_2
Regular Advisor

‎10-23-2000 06:00 PM

‎10-23-2000 06:00 PM

Prevent passwd file from being copy

Hi,

Is there a way to prevent the password file being copied or ftp ?

If not possible, is there a way to trap who has ftp or copied this file and get notify ?

Any advise is apprecaited.


Rgds,
YC
0 Kudos
Reply
8 REPLIES 8
Vinit Adya
Frequent Advisor

‎10-23-2000 06:08 PM

‎10-23-2000 06:08 PM

Re: Prevent passwd file from being copy

Hi,
You could use tsconvert to convert the system to a trusted system and the passwords are moved to a TCB area.
This will also enable other features as password lifetime etc.
0 Kudos
Reply
Madhu Sudhan_1
Respected Contributor

‎10-23-2000 09:11 PM

‎10-23-2000 09:11 PM

Re: Prevent passwd file from being copy

Leong:
I completely agree with Adya. You need to make the system a Trusted System to prevent users to read the /etc/passwd file. Once the System is converted to a trusted system a protected password database at /tcb/files/auth gets created and a a "*"
replaces the password field in /etc/passwd.
For a detailed information on adminstering trusted system, here is the URL.

http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-90121&service=hpux&path=../B2355-90121/00/00/1&title=Administering%20Your%20HP-UX%20Trusted%20System

Enjoy !
......Madhu
Think Positive
0 Kudos
Reply
Andreas Voss
Honored Contributor

‎10-23-2000 10:47 PM

‎10-23-2000 10:47 PM

Re: Prevent passwd file from being copy

Hi,

to have full information about ftp sessions edit the /etc/inetd.conf:
Change the line:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
TO:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -v
Now reinitialize inetd with: inetd -c
After this you get all ftp commands and files logged in /var/adm/syslog/syslog.log

Regards
0 Kudos
Reply
yc_2
Regular Advisor

‎10-24-2000 12:20 AM

‎10-24-2000 12:20 AM

Re: Prevent passwd file from being copy

Hi Andreas,

Thanks for your advise.

Is there a way to know what files being down loaded because the syslog.log only capture the ftp login name but not the name of the files that being down loaded.



Rgds,
YC
0 Kudos
Reply
Andreas Voss
Honored Contributor

‎10-24-2000 12:34 AM

‎10-24-2000 12:34 AM

Re: Prevent passwd file from being copy

Hi,

if you have added the -v option in /etc/inetd.conf at ftp line and reinitialized inetd with inetd -c you get a complete list what a user has done in a ftp session, looks like:
Oct 24 09:28:33 hpk2202 ftpd[7175]: connection from PC203 at Tue Oct 24 09:28:33 2000
Oct 24 09:28:33 hpk2202 ftpd[7175]: FTP LOGIN FROM PC203, voss
Oct 24 09:28:33 hpk2202 ftpd[7175]: FTP: cwd /baan/FT/RETRIEVAL
Oct 24 09:28:33 hpk2202 ftpd[7175]: PORT
Oct 24 09:28:33 hpk2202 ftpd[7175]: FTP: retrieve ftp.out
Oct 24 09:28:34 hpk2202 ftpd[7175]: FTP: delete ftp.out
Oct 24 09:28:34 hpk2202 ftpd[7175]: User voss logged out

As you can see the user changed to dir /baan/FT/RETRIEVAL (cwd), copied the file ftp.out (retrieve) and finally removed that file (delete).

Regards
0 Kudos
Reply
yc_2
Regular Advisor

‎10-24-2000 01:10 AM

‎10-24-2000 01:10 AM

Re: Prevent passwd file from being copy

Hi Andreas,

It works in ver 10.20 but not in 11.00. Does it required any patches ?
0 Kudos
Reply
Andreas Voss
Honored Contributor

‎10-24-2000 01:18 AM

‎10-24-2000 01:18 AM

Solution

Re: Prevent passwd file from being copy

Hi,

on HP-UX 11.00 use instead -l -L:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -L -v

Regards
Reply
Darren Miller
Advisor

‎10-25-2000 02:35 PM

‎10-25-2000 02:35 PM

Re: Prevent passwd file from being copy

Leong,

At HP-UX 11, a new version of ftp was released, which includes a config file called /etc/ftpd/ftpaccess that allows you to both deny ftp access to /etc/passwd and log all files uploaded and downloaded from your server. Here's what you need to do:

1) Add a "-a" to the end of the ftp line in /etc/inetd.conf.

2) Force inetd to re-read it's config file: inetd -c

3) Create the /etc/ftpd/ftpaccess file with the following lines:

class everyone real,guest,anonymous *
noretrieve /etc/passwd
log transfers anonymous,guest,real inbound,outbound
log commands anonymous,guest,real

This will keep a log of all commands and files accessed via ftp. The commands are logged in /var/adm/syslog/syslog.log, and the files, I think, are logged in /var/adm/syslog/xferlog.

There is much more you can do in ftpaccess. For more information, see the man page for ftpaccess and ftpd. Also take a look at the sample ftpaccess file in /usr/newconfig/etc/ftpd/ftpaccess.

Hope that helps!



both of the
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.