HPE Community
Operating System - HP-UX
1834679 Members
2450 Online
110069 Solutions
New Discussion

scfmgr tool... I cant remember where to get it

 
SOLVED
Go to solution
Todd McDaniel_1
Honored Contributor

‎10-31-2007 06:35 AM

‎10-31-2007 06:35 AM

scfmgr tool... I cant remember where to get it

My old company used this tool on all our HPU X boxes. I am not sure if it is a home-grown tool or not. It was very useful imho...

I googled it and only found my old reply to an post on www.unix.com forums from 2002.

There are no references to it in this forum or on docs.hp.com either.

The command line is scfmgr and it monitors su activity related to su'ing to root. The config file is edited by typing scfmgr and it has several parameters you can also monitor in it besides su activity.
Unix, the other white meat.
0 Kudos
7 REPLIES 7
Todd McDaniel_1
Honored Contributor

‎10-31-2007 06:40 AM

‎10-31-2007 06:40 AM

Re: scfmgr tool... I cant remember where to get it

also, whats that website address for the free unsupported products?
Unix, the other white meat.
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎10-31-2007 06:45 AM

‎10-31-2007 06:45 AM

Re: scfmgr tool... I cant remember where to get it

Hi Todd:

I don't have knowledge of the tool you note, but the '/var/adm/sulog' is where 'su' activity is recorded.

As for add-on products:

http://hpux.cs.utah.edu/

..and its various worldwide mirrots.

Regards!

...JRF...
0 Kudos
Todd McDaniel_1
Honored Contributor

‎10-31-2007 07:03 AM

‎10-31-2007 07:03 AM

Re: scfmgr tool... I cant remember where to get it

yes I know about the sulog file... but that is rather passive... This was an active tool.

It managed a file which allowed users the rights to su to root. If they werenâ t in the file, they failed to get in as root, and the system sent mail to root notifying of the attempt.

You would typically type scfmgr at the prompt and then edit the file. And that was pretty much it. I think it had some type of daemon running in the back ground.

Unix, the other white meat.
0 Kudos
Todd McDaniel_1
Honored Contributor

‎10-31-2007 07:20 AM

‎10-31-2007 07:20 AM

Re: scfmgr tool... I cant remember where to get it

I emailed a friend of mine at my old firm.

He sent me this...

==========================================
man scfmgr

SCFMGR(bcr) SysGuard Security Software SCFMGR(bcr)

NAME

scfmgr - access the Security Control File (SCF)

SYNOPSIS

scfmgr [ -c ] [ -v ] [ -p ] [ -f filename ]

DESCRIPTION

scfmgr provides access to the SCF (also known as sc_file) to validate or change parameter values. If no options are specified, the user is automatically placed in edit mode. scfmgr uses the following options:

-c recalculates the checksum
-v validates a copy of the SCF
-p updates system password
-f filename

use filename instead of the default.

OPERATION

Use of scfmgr(bcr) on current SCF is restricted to one process at a time.

FILES

sc_file

/tmp/tmpScFile

SEE ALSO

BR-007-301-211, SysGuard User Guide, Section 7.

BR-007-301-217, SysGuard Reference Manual, Section 8.

- 1 - Formatted: October 31, 2007
Unix, the other white meat.
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎10-31-2007 07:25 AM

‎10-31-2007 07:25 AM

Re: scfmgr tool... I cant remember where to get it

Hi (again) Todd:

> It managed a file which allowed users the rights to su to root.

You can get close to this with the '/etc/default/security' file's SU_ROOT_GROUP setting:

http://docs.hp.com/en/B2355-60105/security.4.html

Of course, this is a by-group restriction and there is no automatic email generated for invalid attemps. The standard 'sulog' would track the attempts.

Regards!

...JRF...
0 Kudos
Geoff Wild
Honored Contributor

‎10-31-2007 09:02 AM

‎10-31-2007 09:02 AM

Solution

Re: scfmgr tool... I cant remember where to get it

Sounds like a third party utility.

I don't know if this is it:

http://www.datasure.com/~mackinnn/sysguard.html

Myself, I use a solution from Fox Technologies called BoKS.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Todd McDaniel_1
Honored Contributor

‎10-31-2007 09:12 AM

‎10-31-2007 09:12 AM

Re: scfmgr tool... I cant remember where to get it

Geoff gets the bunny!!!!

ding ding ding!!!

That is what I was looking for...thanks!
Unix, the other white meat.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.