
system user id

 
Animesh Chakraborty
Honored Contributor

system user id

hi,
I need to explain to our auditors why these IDs exist on our Unix box, and why some of them, like daemon and hpdb, have a .rhosts file in their home directory with permission 644.

daemon:*:1:5::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
sys:*:3:3::/:
adm:*:4:4::/var/adm:/sbin/sh
uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico
lp:*:9:7::/var/spool/lp:/sbin/sh
nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico
hpdb:*:27:1:ALLBASE:/:/sbin/sh

Anybody got a better explanation to convince them?

Thanks in Advance
Animesh
Did you take a backup?
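The passwd(4) lines quoted above can be checked mechanically rather than argued about. The following is an added example, not code from the original thread or from HP-UX: it parses the eight entries from the post, reports whether each password field is locked (a `*` can never match crypt(3) output), whether the shell is a general-purpose login shell, and whether `$HOME/.rhosts` exists and with what mode. Note that daemon, sys and hpdb all have `/` as their home directory, so they all share the one `/.rhosts` file. The list of non-login programs, the assumed default shell for an empty field (`/usr/bin/sh`), the `root` parameter for auditing a test tree instead of the live filesystem, and the constructed `.rhosts` content in `demo()` are all assumptions of this example.

```python
import os
import stat
import tempfile

# The eight /etc/passwd entries quoted in the original post.
SAMPLE_PASSWD = """\
daemon:*:1:5::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
sys:*:3:3::/:
adm:*:4:4::/var/adm:/sbin/sh
uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico
lp:*:9:7::/var/spool/lp:/sbin/sh
nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico
hpdb:*:27:1:ALLBASE:/:/sbin/sh
"""

# Programs that are not general-purpose shells (assumed list for this example;
# uucico is the UUCP transfer program that uucp/nuucp run instead of a shell).
NON_LOGIN_SHELLS = {"/usr/lbin/uucp/uucico", "/bin/false", "/usr/bin/false", "/sbin/false"}

# Assumed system default when the shell field is empty (as for 'sys' above).
DEFAULT_SHELL = "/usr/bin/sh"


def parse_passwd(text):
    """Split passwd(4) lines into dicts, substituting the default shell for an empty field."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd line: %r" % line)
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell or DEFAULT_SHELL})
    return entries


def is_locked(pw):
    """True when the field can never equal a crypt(3) hash, so no password login is possible."""
    return pw.startswith("*") or pw.startswith("!") or pw == "NP"


def rhosts_status(home, root="/"):
    """Return (path, mode) of $HOME/.rhosts under `root`, or None if it does not exist.
    `root` lets the check run against a copied or constructed tree instead of the live system."""
    path = os.path.join(root, home.lstrip("/"), ".rhosts")
    if not os.path.lexists(path):
        return None
    return path, stat.S_IMODE(os.lstat(path).st_mode)


def audit(entries, root="/"):
    """Map each account name to the list of findings an auditor would ask about."""
    findings = {}
    for e in entries:
        issues = []
        if e["pw"] == "":
            issues.append("empty password field: login without any password")
        elif not is_locked(e["pw"]):
            issues.append("password hash present: interactive password login possible")
        login_shell = e["shell"] not in NON_LOGIN_SHELLS
        if login_shell:
            issues.append("general-purpose login shell %s" % e["shell"])
        rh = rhosts_status(e["home"], root)
        if rh is not None:
            path, mode = rh
            issues.append(".rhosts at %s with mode %s" % (path, oct(mode)))
            if login_shell:
                # rsh/rlogin trust granted by .rhosts does not consult the password
                # field, so a '*' alone does not keep a trusted host out of this shell.
                issues.append(".rhosts trust plus login shell: remote access despite locked password")
            if mode & stat.S_IROTH:
                issues.append(".rhosts world-readable: trusted-host list disclosed")
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                issues.append(".rhosts group/world-writable: trust list can be extended")
        findings[e["name"]] = issues
    return findings


def demo():
    """Reproduce the post in a constructed temp tree: a /.rhosts with mode 644, seen by
    every account whose home is '/' (daemon, sys, hpdb)."""
    root = tempfile.mkdtemp()
    rhosts = os.path.join(root, ".rhosts")
    with open(rhosts, "w") as f:
        f.write("otherhost root\n")  # constructed content for the example
    os.chmod(rhosts, 0o644)
    return audit(parse_passwd(SAMPLE_PASSWD), root)


if __name__ == "__main__":
    for name, issues in demo().items():
        print(name, "->", "; ".join(issues) or "no findings")
```

Run against the real box by calling `audit(parse_passwd(open("/etc/passwd").read()))`; the `root` argument is only there so the example can run offline. The output for the sample shows what the auditors are really asking about: not the accounts themselves, but the combination of a login shell and a `/.rhosts` file reachable by three of them.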
Michael Tully
Honored Contributor

Re: system user id

Hi Animesh,

The /.rhosts file would only be used by root. You should actually move root's home dir to /root if not already. It is a BIG security hole having a .rhosts file for root anyway. If possible, get rid of it.

The other accounts are part of the operating system.

lp is required for the spooler subsystem; daemon, bin, sys, adm are used by other OS subsystems; uucp for ttys for modems etc.

-Michael


Anyone for a Mutiny ?
Michael Tully
Honored Contributor

Re: system user id

One other thing:

Seeing that these accounts don't have passwords and can't be logged into directly, they are fairly safe anyway.

Something I've learnt over the years with auditors is: do not volunteer information. Sometimes it is better to baffle them with BS.

-Michael
Anyone for a Mutiny ?
A. Clay Stephenson
Acclaimed Contributor

Re: system user id

Hi:

A few of these could probably be removed if you are not using the facilities:

If you are not running the ALLBASE database, hpdb can go. If you are using no uucp facilities, including cu, then uucp and nuucp can go as well. The others should remain. In order for lp to work, and especially remote lp, those users, and generally that particular uid (and gid), must exist. The user daemon must exist for several daemons, including grmd. The user adm is required for accounting, and wtmp is normally owned by this user.

If it ain't broke, I can fix that.
harry d brown jr
Honored Contributor

Re: system user id

If your auditors don't know why they are there, then why are they auditing you? Would you let your grocery store clerk perform open heart surgery on you? How I love auditors that are without a clue. Give them a quarter and have them call someone that knows a little about unix.

I've posted this before, but I think it needs to be repeated (forever):

I once had an "auditing" firm tell my client, a billion+ dollar bank, that they should remove all editors. I was called, agreed that it was possible, and instructed them on how to do so.

A day later, I was called and asked if we could remove the source code. Not a problem!

Another day later, I was called and asked if we could remove the compilers. Again I agreed and led the way.

Again, another day later, I was called and asked if we could remove some other "STUFF". Now, I was getting sick and tired of the insanity, so I called the president and a few vp's of the Bank on a conference call with the auditor. I told the auditor that I could honor his request to remove the OBJECT code, and that I could do one better by removing the OPERATING SYSTEM and any references to the banks data. Needless to say, the auditing firm was fired for being completely idiotic and non-computer literate.

Here's a good paper on building a bastion host:

http://people.hp.se/stevesk/bastion.html

live free or die
harry