GreenLake Administration
Operating System - HP-UX
1848146
Members
6878
Online
104022
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 07:03 AM
08-27-2002 07:03 AM
Hi
I would like to protect system using password when the machine is booting.
Example: -
You can protect a SUN unix machine during boot prompt level. Also you can protect a PC during intial boot it self.
Similarly i want to protect HP-Server's too.
I reason behind is a person who have access to the the machine and able to boot the machine in single user mode, he can knock of root password and do what ever he/she wants. To avoid this situation, is there any way to over come this problem.
I would like to protect system using password when the machine is booting.
Example: -
You can protect a SUN unix machine during boot prompt level. Also you can protect a PC during intial boot it self.
Similarly i want to protect HP-Server's too.
I reason behind is a person who have access to the the machine and able to boot the machine in single user mode, he can knock of root password and do what ever he/she wants. To avoid this situation, is there any way to over come this problem.
Solved! Go to Solution.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 07:06 AM
08-27-2002 07:06 AM
Re: security
If you can't PHYSICALLY secure your computer, then your computer is NOT SECURE!
What would prevent the person from removing the root disk drive and put it into another server, then mount that volume, modify the password file, then put the drive back into said server?? Thus bypassing your root password???
PHYSICAL security is MORE important than PASSWORD security!!!
live free or die
harry
Live Free or Die
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 07:14 AM
08-27-2002 07:14 AM
Re: security
Well Harry, the thing is with Sun Servers/Workstations the password is in the boot PROM, not on a disk. Lots of PC's have this too.
There is no way to secure a HP UNIX system in the same fashion, so you must physically secure the system.
Regards,
Shannon
There is no way to secure a HP UNIX system in the same fashion, so you must physically secure the system.
Regards,
Shannon
Microsoft. When do you want a virus today?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 07:15 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 07:16 AM
08-27-2002 07:16 AM
Re: security
This was a good discussion about the same issue:
http://forums.itrc.hp.com/cm/QuestionAnswer/0,,0x6c118f960573d611abdb0090277a778c,00.html
http://forums.itrc.hp.com/cm/QuestionAnswer/0,,0x6c118f960573d611abdb0090277a778c,00.html
learn unix ..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 07:17 AM
08-27-2002 07:17 AM
Re: security
Hello
Harry is of course right, but perhabs this is a first step:
In sam you can convert your server to a trusted system. If this happens, you can in the task
--> auditing and security
--> System Security Policies
--> General User Account Policies
activate the button "require Login Upon Boot to single-user state".
Now you have to login with a valid (super-)user and password in the single-user state, too.
Dirk
Harry is of course right, but perhabs this is a first step:
In sam you can convert your server to a trusted system. If this happens, you can in the task
--> auditing and security
--> System Security Policies
--> General User Account Policies
activate the button "require Login Upon Boot to single-user state".
Now you have to login with a valid (super-)user and password in the single-user state, too.
Dirk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-27-2002 08:37 AM
08-27-2002 08:37 AM
Re: security
I have not checked that this would work under single user mode (depends if profile is run which I can't recall) at the console but I have setup the root profile to ask for a name at login. Then there is a request for a password (hidden text) and the name and the password are then checked against an encrypted password that was previously setup by that authorised user. If the name or the password are invalid an email is immediatly sent out to our Exchange server and the same is true if the the script is aborted for any reason. All of the actions for this are logged.
The script in the profile does not restrict access for root (not a good idea) but merely adds an extra validation and alert of missue and is merely to report on attempted local violation. Of course once in as root then the logs could be changed but it would be hard to stop the email getting out to the exchange server after the event (of course if some one knew about this before hand they could remove network connections etc but this again comes down to physical security of your computer.
Or as a second suggestion why not get a secure web console (small box from HP that lets you connect as console via a browser) and remove the physical console from the computer (lock it in a cupboard) - That way your culprit either needs to know the web console password or have access to a spare console.
The script in the profile does not restrict access for root (not a good idea) but merely adds an extra validation and alert of missue and is merely to report on attempted local violation. Of course once in as root then the logs could be changed but it would be hard to stop the email getting out to the exchange server after the event (of course if some one knew about this before hand they could remove network connections etc but this again comes down to physical security of your computer.
Or as a second suggestion why not get a secure web console (small box from HP that lets you connect as console via a browser) and remove the physical console from the computer (lock it in a cupboard) - That way your culprit either needs to know the web console password or have access to a spare console.
Hats ? We don't need no stinkin' hats !!
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2026 Hewlett Packard Enterprise Development LP