HPE Community
Operating System - HP-UX
1847071 Members
5972 Online
110262 Solutions
New Discussion

Re: security issues / configuration

 
SOLVED
Go to solution
Paul Torp
Regular Advisor

‎08-20-2007 01:23 AM

‎08-20-2007 01:23 AM

security issues / configuration

hi.

i wonder how i can lock a useraccount after a certain amount of failed logins in a UNTRUSTED system.. like /usr/lbin/modprpw -m umaxlntr=6 "$logname" is in trusted.

i also wonder what the string in /etc/default/security should be to make it global in a TRUSTED system..

anyone?

regards
pål
"sendmail is kind of fun..."
0 Kudos
5 REPLIES 5
Patrick Wallek
Honored Contributor

‎08-20-2007 01:45 AM

‎08-20-2007 01:45 AM

Re: security issues / configuration

Not possible in an untrusted environment.

In a trusted environment, this is controlled by security policies, which can be seen via the getprpw command ('man getprpw' for more info). This is NOT configurable in the /etc/default/security file.

You should do a 'man security' for information on the security file.
0 Kudos
Steven E. Protter
Exalted Contributor

‎08-20-2007 01:58 AM

‎08-20-2007 01:58 AM

Solution

Re: security issues / configuration

Shalom,

On a non-trusted system you would need to look at this output.
lastb -R

You can run a cron script that checks this output user by user. At this point when you find three bad logins you can issue a passwd -l username command.

There is a script posted in the sysadmin scripts thread that does exactly this.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=51050

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Paul Torp
Regular Advisor

‎08-20-2007 08:28 PM

‎08-20-2007 08:28 PM

Re: security issues / configuration

hi..

i have tried looking for that script in section 2 and 3.. (of favorite scripts) but cant really find it..

i am running out of time and got deadline tomorrow to come up with something to solve the issue..

pal
"sendmail is kind of fun..."
0 Kudos
Paul Torp
Regular Advisor

‎08-20-2007 08:35 PM

‎08-20-2007 08:35 PM

Re: security issues / configuration

the sad sad thing is that i have no hpux boxes to test on atm.. (not even a production).. makes things a bit harder...
"sendmail is kind of fun..."
0 Kudos
Paul Torp
Regular Advisor

‎08-20-2007 09:20 PM

‎08-20-2007 09:20 PM

Re: security issues / configuration

found it SEP..

tnx
"sendmail is kind of fun..."
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.