HPE Community
Operating System - HP-UX
1825785 Members
2080 Online
109687 Solutions
New Discussion

Re: Root account locked out (Commercial Database Security)

 
SOLVED
Go to solution
Mathieu P.
Advisor

‎01-14-2009 08:41 AM

‎01-14-2009 08:41 AM

Root account locked out (Commercial Database Security)

Hello,

I came in this morning and root account was locked out. I still managed to login via console, but I want to know WHY it's been disabled. I don't want to unlock it until I fully understand the cause. (and perhaps trace down the individual who made it happen, if that is the case...)

I ran "getprpw -m lockout root" and got a lockout=0000000 output. I'm a bit confused there.

What could be the cause of such an issue ?


Thanks in advance !


MP
Programmers are tools to convert cafeine into code.
0 Kudos
Reply
5 REPLIES 5
Avinash20
Honored Contributor

‎01-14-2009 09:30 AM

‎01-14-2009 09:30 AM

Solution

Re: Root account locked out (Commercial Database Security)

Your account might have got disabled because your system is Trusted.
By default If your type wrong password for user root for more than three times, the account gets locked

#/usr/lbin/getprpw -m lockout root
lockout=0001000

When you login via console, Account is disabled but console login is allowed.


You could check the bad login via

# lastb -R | more
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Reply
Avinash20
Honored Contributor

‎01-14-2009 09:33 AM

‎01-14-2009 09:33 AM

Re: Root account locked out (Commercial Database Security)

You could find out who tried to login and from which IP addressed via

# lastb -R
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎01-14-2009 09:45 AM

‎01-14-2009 09:45 AM

Re: Root account locked out (Commercial Database Security)

When you login via the console the account seems to be "automagically" enabled.

I just disabled root on one of my test servers and then logged in via the console. When I did a getprpw it also showed all 0's in the lockout section.

So, the act of logging in via the console automatically enables the account again. That does make it somewhat difficult to troubleshoot.

As said above, a 'lastb -R root' would show you the last bad login attempts for root.
0 Kudos
Reply
Mathieu P.
Advisor

‎01-14-2009 09:47 AM

‎01-14-2009 09:47 AM

Re: Root account locked out (Commercial Database Security)

"Your account might have got disabled because your system is Trusted."

That happened on the system wich I just ran the Audit Tools through SMH. I remember having to convert to a Trusted System.

Well, I guess I was paranoid for nothing then.
Thanks !

Programmers are tools to convert cafeine into code.
0 Kudos
Reply
Avinash20
Honored Contributor

‎01-14-2009 09:50 AM

‎01-14-2009 09:50 AM

Re: Root account locked out (Commercial Database Security)

Yes, when you enable the Audit, you need to first convert the system to Trusted mode. :)
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.