HPE Community
Operating System - HP-UX
1834629 Members
3347 Online
110069 Solutions
New Discussion

Re: root locked out, system not trusted

 
SOLVED
Go to solution
Natasha L.
Advisor

‎09-15-2003 04:23 PM

‎09-15-2003 04:23 PM

root locked out, system not trusted

Hi all,

I was looking after an rx4610 running 11.20 that was not used for some months. Today when it finally had to be booted and accessed it would not allow root logins. Every time I tried logging into the console as root, instead of prompting for a password, it printed a message a la: "Changing password for root... Sorry. login:"

So I booted in single user mode. Again, when I tried invoking the passwd command I got:

Changing password for root...
Sorry.

The command /usr/lbin/getprpw -r -m lockout root returned:

The system is not trusted.

I searched the forums for "passwd system not trusted" but couldn't find the answer.

Does anyone know how I can fix this situation, and change the password for root (or any other user) on an untrusted system?

Thanks & regards,
Natasha
0 Kudos
Reply
9 REPLIES 9
Patrick Wallek
Honored Contributor

‎09-15-2003 04:32 PM

‎09-15-2003 04:32 PM

Re: root locked out, system not trusted

If you are up in single-user mode, the easiest thing to do will be to edit the /etc/passwd file and modify root's passwd from there.

From single user mode do:

# mount -a

This will mount all the root VGs and will error on any others since the VGs are activated.

# vi /etc/passwd

Now you will see your passwd file. The first line is the root entry. You should see the encrypted passwd. You can remove it. Do NOT remove the : field delimeters though. Make sure there are still the same/correct number of :'s in the file.

Now save it. Once you have done this, root has NO passwd. You should now be able to do:

# passwd

or

# passwd root

to modify roots passwd.

Good luck.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-15-2003 04:35 PM

‎09-15-2003 04:35 PM

Re: root locked out, system not trusted

Hi Natasha,

Once you login through console as root, do

'passwd -df root' and try again. Looks like the password field of root's entry has some problem in /etc/passwd file.

As a last resort, edit /etc/passwd file, blank out the second field (encrypted password) and see if it works.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-15-2003 04:42 PM

‎09-15-2003 04:42 PM

Solution

Re: root locked out, system not trusted

Depending on how and why it was locked, all you should have to do is this in single user mode:

/sbin/passwd

You should not have to mount anything.

You might want to run a little script I copied out of a text book to notify you of too many bad root logins.

Don't discount the possibility that someone is trying to gain control of that system.

the script is attached.

The logic in the script that disables root account is commented out. If you actually have a security problem, you might want to activate that code.

lastb command should be run immediately, as soon as you can get the system usable.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Natasha L.
Advisor

‎09-15-2003 05:20 PM

‎09-15-2003 05:20 PM

Re: root locked out, system not trusted

Hi guys, thanks so much for the quick replies! 8)

The problem has been fixed via a convoluted route. I tried opening /etc/passwd and editing to:

root::0:1::/roothome:/sbin/sh

But still passwd resulted in "Changing passwd for root... Sorry."

Then I decided to try changing the password in SAM. This errored out with:
lckpwdf: No such file or directory
Cannot obtain lock for /etc/.pwd.lock

googling the error told me to simply create /etc/.pwd.lock . So I did and SAM then successfully changed the password.

At the prompt, the passwd command still did not work. But then I saw Steven's post and tried:
which passwd
/usr/bin/passwd

Aha. Using /sbin/passwd instead produced:
/sbin/passwd: Permission denied
ls -al passwd
---------- /sbin/passwd
chmod u+x /sbin/passwd
/sbin/passwd root
New Password:

So, it looks like there were many problems going on here (corrupt password, no .pwd.lock, too-tight permissions on /sbin/passwd) which are now resolved.

Thanks again all for your help - I may actually be out of here by 6:30!! 8)

cheers Natasha
0 Kudos
Reply
Natasha L.
Advisor

‎09-15-2003 05:22 PM

‎09-15-2003 05:22 PM

Re: root locked out, system not trusted

Also Steven, great point about not getting lax about security. I will definitely use the script.

Thanks, N.
0 Kudos
Reply
Natasha L.
Advisor

‎09-15-2003 05:22 PM

‎09-15-2003 05:22 PM

Re: root locked out, system not trusted

Also Steven, great point about not getting lax about security. I will definitely use the script.

Thanks, N.
0 Kudos
Reply
Natasha L.
Advisor

‎09-15-2003 05:23 PM

‎09-15-2003 05:23 PM

Re: root locked out, system not trusted

Also Steven, great point about not getting lax about security. I will definitely use the script.

Thanks, N.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-15-2003 05:33 PM

‎09-15-2003 05:33 PM

Re: root locked out, system not trusted

There is a program called pwchk to check the integrity of the /etc/passwd file

grpchk checks out the /etc/group file.

You might want to harden your security you should additionally consider running Bastille.

It hardens security quite nicely, points out issues to be dealt with and makes me feel better after I've run it.

Here is a link to it and its pre-requisite.

Bastille:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA
There is alink to perl inside this link, but here a direct one.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Alan Turner
Regular Advisor

‎09-16-2003 12:12 AM

‎09-16-2003 12:12 AM

Re: root locked out, system not trusted

At a slight tangent - lets hope no-one uses the checking script on a system where a malevolent user has set up /tmp/failedrootlogins as a symbolic link to something important, e.g. /sbin/bcheckrc.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.