Operating System - HP-UX

root account keeps disabling

 
Louber
Occasional Advisor

All, I have recently upgraded an 11.00 to 11.11i vr1 server and since the upgrade the root account keeps disabling itself. I have rebooted the system into single user and reset it; this has enabled me to log on for a couple of days and now it has been disabled again.

I know no one has been on the box as I am the only person with accounts on there. I can get access and can reset the account again but I do not wish for the root account to disable itself again.

Can you help?

Patrick Wallek
Honored Contributor

Re: root account keeps disabling

If the system is trusted, then someone or something is attempting to log in as root. By default, if you try unsuccessfully 3 times, the account is locked. You could increase the number of attempts it takes to lock the account. This can be done through SAM.

You should NEVER have to go to single user mode to reactivate root. If you have a serial console, web console or lan console on the system, use it. Even if root is deactivated, you can log in via the console and reactivate it.

I would suggest doing a 'lastb -R root'. This will show you the invalid logins for root and the IP address they came from. This should help you to figure out who/what is locking the account.
Tim D Fulford
Honored Contributor

Re: root account keeps disabling

Turn off the following
o "disable account after X failed login attempts" and
o "disable account after X days inactivity"
o "disable reset password after X days"

Also make sure you cannot log in as root unless you are already logged in (/etc/securetty I think)... Actually this may also be the cause as you may try to log in as root and /etc/securetty may stop you!!!

Regards

Tim
Bill Hassell
Honored Contributor

Re: root account keeps disabling

I would be very concerned that someone is trying to attack your system. I have attached an information script that will analyze a specific user (or users) and decode exactly why the account was disabled. If it is due to failed password attempts, use:

lastb -R root

to see if the attacks are coming from the same address. Then block that address until you can track down the hacker.

As an alternative, you can eliminate all root login attempts by doing this:

echo "console" > /etc/securetty

Now, all root admins must log in as a normal user and then use su (or better yet, the contributed program sudo) to attain root privileges. Turning off the automatic disabling of user logins is not a good idea,


Bill Hassell, sysadmin
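
Added example (not part of any poster's reply, and not the script attached above): one way to summarise the `lastb -R root` output the replies recommend, counting failed attempts per source and flagging any source that alone reaches the 3-attempt lockout figure mentioned earlier in the thread. The function names, the assumed column layout and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise failed logins per source from `lastb -R <user>`-style output.
# Assumed layout (verify against your own system's output):
#   user  tty  source-host  Weekday Month Day HH:MM
# Console/serial attempts carry no source-host column, so field 3 is the weekday.

# Constructed sample data standing in for real `lastb -R` output.
sample_lastb() {
cat <<'EOF'
root     pts/ta       192.0.2.15       Mon Jan 12 09:14
root     pts/ta       192.0.2.15       Mon Jan 12 09:13
root     pts/ta       192.0.2.15       Mon Jan 12 09:13
root     pts/tb       wkstn7.example   Fri Jan  9 17:40
root     console                       Thu Jan  8 08:02
oper     pts/tc       192.0.2.15       Thu Jan  8 07:55

btmp begins Thu Jan  8 07:55
EOF
}

# failed_by_source USER [LIMIT] < lastb-output
# Prints "count source flag", highest count first. Lines for other users and
# the "btmp begins" trailer are skipped.
failed_by_source() {
    awk -v user="$1" -v limit="${2:-3}" '
        $1 == user && NF >= 6 {
            # No host column: label the attempt by its local tty instead.
            if ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/)
                src = "local:" $2
            else
                src = $3
            count[src]++
        }
        END {
            for (src in count) {
                flag = (count[src] >= limit + 0) ? "AT-THRESHOLD" : "ok"
                printf "%d %s %s\n", count[src], src, flag
            }
        }' | LC_ALL=C sort -k1,1nr -k2,2
}

# On a live system: lastb -R root | failed_by_source root 3
sample_lastb | failed_by_source root 3
```
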
Louber
Occasional Advisor

Re: root account keeps disabling

Thanks for the advice guys.

I have viewed the lastb -R root command and it does appear a colleague may have been attempting to access the system while I have been away. It also appears he has amended some root account settings in which the trusted database for root has become confused or corrupt.

I have reset the account after removing the entry in the /tcb/files/auth/r/root file, and can now log in ok!

Thanks very much for everyone's prompt responses.
Louber
Occasional Advisor

Re: root account keeps disabling

thanks