
pwgr

 
lastgreatone
Regular Advisor

I was not aware of this daemon until now, and noticed it is set to 1 in /etc/rc.config.d/pwgr. All NIS services are disabled on this internet server. I have set pwgr to 0; could it have any negative impact on the server? I was concerned about the security on this server.
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: pwgr

The pwgrd daemon is used to cache logins and group names to speed those lookups. It's really not a security risk. If you have applications which require many, many passwd file/map lookups, then you could see some small performance hit, especially if you have a very large passwd file or map. Login lookups linearly search the file, so search times can be quite long if the file is large.
If it ain't broke, I can fix that.
Michael Tully
Honored Contributor

Re: pwgr


No, 'pwgr' is not a security risk.
To check if your system is secure, you could install HP-UX Bastille. You can get it from here:

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Or you could look at the bastion white paper.
http://people.hp.se/stevesk/bastion11.html
Anyone for a Mutiny ?
Tim Maletic
Valued Contributor

Re: pwgr

If this is an Internet-facing server, and you're not looking up /etc/passwd or /etc/group info from the network (i.e., if your passwd and group lines in /etc/nsswitch.conf say "files"), then I would disable that daemon.

While pwgrd has no known vulnerabilities now, it might in the future (or it might now contain vulnerabilities known only to a few). Disable it if you don't need it.

This is also the recommendation of the Center for Internet Security's HP-UX Benchmark: http://www.cisecurity.org/bench_HPUX.html.

-Tim
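
The test described in the reply above (passwd and group resolving from "files" only in /etc/nsswitch.conf, then turning pwgrd off in /etc/rc.config.d/pwgr) can be scripted. This is an added example, not part of the original thread; the function names are hypothetical and the rc variable name `PWGR` is an assumption, since the thread only says the file is set to 1 or 0.

```shell
#!/bin/sh
# Added example. Paths are arguments so it can be tried on copies of the files.
# Assumption: the variable inside /etc/rc.config.d/pwgr is named PWGR.

# Print the lookup sources for one nsswitch database, e.g. "files nis".
# Comments and [STATUS=action] criteria are stripped first.
nss_sources() {    # $1 = database name, $2 = path to nsswitch.conf
    [ -r "$2" ] || return 0
    awk -v db="$1" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " "); sub(/:/, " : ") }
        $1 == db && $2 == ":" {
            out = ""
            for (i = 3; i <= NF; i++) out = out (i > 3 ? " " : "") $i
            print out
            exit
        }' "$2"
}

# Print the last PWGR=<n> value set in the rc config file (empty if none).
pwgr_setting() {   # $1 = path to rc.config.d/pwgr
    [ -r "$1" ] || return 0
    awk -F= '{ sub(/#.*/, "") }
        $1 ~ /^[ \t]*PWGR$/ { v = $2 }
        END { gsub(/[^0-9]/, "", v); print v }' "$1"
}

# Print "disable", "already-off" or "review"; the reason goes to stderr.
pwgrd_advice() {   # $1 = nsswitch.conf, $2 = rc.config.d/pwgr
    p=$(nss_sources passwd "$1")
    g=$(nss_sources group "$1")
    if [ "$p" != "files" ] || [ "$g" != "files" ]; then
        echo "passwd='$p' group='$g': not files-only, check by hand" >&2
        echo review
    elif [ "$(pwgr_setting "$2")" = "0" ]; then
        echo already-off
    else
        echo "passwd and group use files only; pwgrd can be turned off" >&2
        echo disable
    fi
}

# Usage on the server: pwgrd_advice /etc/nsswitch.conf /etc/rc.config.d/pwgr
```

A missing or unreadable nsswitch.conf, or one with no passwd or group line, yields "review" rather than a guess at the system default.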