HPE Community
Operating System - HP-UX
1829576 Members
3073 Online
109992 Solutions
New Discussion

Re: Reporting on security settings

 
SOLVED
Go to solution
Karen Elrod
Frequent Advisor

‎10-27-2004 02:08 AM

‎10-27-2004 02:08 AM

Reporting on security settings

Hi,
Does anyone know of a way to report on security settings (such as password expiration). We have many trusted systems. Auditing wants a listing of all of the security settings for each server. The only way that I can find to get this information is to do screen prints of SAM's security panels.
Thanks for any thoughts on this.
Karen
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎10-27-2004 02:21 AM

‎10-27-2004 02:21 AM

Solution

Re: Reporting on security settings

passwd -sa gets you some dat.

I'm attaching a utility script that has lots of code snippets in it, most commented. There are lots of things you can change or merely report on with this script.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
John Poff
Honored Contributor

‎10-27-2004 02:24 AM

‎10-27-2004 02:24 AM

Re: Reporting on security settings

Hi,

Take a look at the 'logins' command. If you give it the '-x' option it will display extended information, including password aging data.

JP
Reply
RAC_1
Honored Contributor

‎10-27-2004 02:30 AM

‎10-27-2004 02:30 AM

Re: Reporting on security settings

Did you look at the commands - getprpw, modprpw, getprdef and modprdef.

/usr/lbin/gerprpw "user_name" Will give you the details about a user and related settings for the user.
The default settings go under /tcp/auth/files/default

Anil
There is no substitute to HARDWORK
Reply
Geoff Wild
Honored Contributor

‎10-27-2004 02:43 AM

‎10-27-2004 02:43 AM

Re: Reporting on security settings

Another tool to look at is System Health Check.

The Lite report is free as is the software:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SHCBASE01

Example of what it finds:

Security

--------------------------------------------------------------------------------

No. Priority # Found Problems Description

--------------------------------------------------------------------------------

1 H 6 User's home directory is writable by others.
2 H 1 World-writable directories allow other users than owner to modify/delete files.

--------------------------------------------------------------------------------

1 M 10 The cron daemon can be used by other users, besides root.
2 M 6 The at command can be used by other users, besides root.
3 M 1 The system parameter executable_stack differs from recommended.
4 M 1 The security defaults configuration file does not exist.
5 M 1 The number of concurrent sessions per user exceeds threshold.
6 M 1 On missing home directory, users are logged in to '/'.
7 M 1 Password history depth is below threshold.
8 M 1 su command usage is not restricted.
9 M 1 Password aging is not implemented.
10 M 8 .rhosts file detected in a user's home directory.
11 M 1 Bad logins pattern may indicate a security breach attempt.
12 M 1 Ownership manipulation command usage is not restricted.
13 M 7 .netrc files found.
14 M 4 External input may cause security problems on some directories.
15 M 2 PATH contains directories writable by others.

--------------------------------------------------------------------------------

1 L 1 Optional trusted system functionality is not enabled.
2 L 1 Internet services access is not restricted.
3 L 1 Connection logging is not enabled.
4 L 1 Root access not restricted.
5 L 1 The /etc/ftpd/ftpusers file does not exist.
6 L 1 Ftp configuration file does not exist.
7 L 11 Some enabled daemons/network services could present a security problem.
8 L 1 Running sendmail may present a security problem.
9 L 1 The system grants unrestricted community access via /etc/SnmpdAgent.d/snmpd.conf.
10 L 8 Network tunables differ from recommended.
11 L 49 Filesystem may allow SUID program execution.
12 L 1 Security Patch Check is not installed.
13 L 1 Bastille is not installed.


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Prashant Zanwar_4
Respected Contributor

‎10-27-2004 02:46 AM

‎10-27-2004 02:46 AM

Re: Reporting on security settings

getprpw is of use in this case.

/usr/lbin/getprpw -m exptm,spwchg sys something like this shall be able to help you out..

just go through the set of commands..

Thanks
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
Reply
Karen Elrod
Frequent Advisor

‎10-27-2004 05:34 AM

‎10-27-2004 05:34 AM

Re: Reporting on security settings

Thanks for all of the help. The information is just what I was looking for.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.