HPE Community
Operating System - HP-UX
1855801 Members
2079 Online
104103 Solutions
New Discussion

Re: Trusted mode - requirements

 
Guy Humphreys
Valued Contributor

‎05-10-2005 10:30 PM

‎05-10-2005 10:30 PM

Trusted mode - requirements

Hi All,

real easy one this time.

I need to change an 11i box to trusted mode and obviously according to the install instructions I need to patch the box up to current levels first. Normally I would do this as a matter of course, but I can't do it this time, as I need more space in /var and /usr and can't get physically to the box to go to single user mode.

Can I convert to trusted without the patches?
and then patch later when I have the opportunity?

cheers
Guy
'If it ain't broke, don't fix it!'
0 Kudos
6 REPLIES 6
Pete Randall
Outstanding Contributor

‎05-10-2005 10:37 PM

‎05-10-2005 10:37 PM

Re: Trusted mode - requirements

Guy,

Without reviewing the patches, I can't really say, but I would think that you could do this safely. Converting to trusted is relatively straightforward and I doubt there are too many patches which should have an effect on it. By the way, it is generally recommended that you convert using SAM. SAM automatically handles the password expiration issues that normally arise (among other things).


Pete

Pete
0 Kudos
Joseph Loo
Honored Contributor

‎05-10-2005 10:44 PM

‎05-10-2005 10:44 PM

Re: Trusted mode - requirements

hi,

sure, converting to trusted may be done without some patches (pams related, etc) except those that are recommended to be patch before u may convert to trusted.

use sam and proceed to auditing and security and select any of the options:

. audited events
. audited system calls
. audited users
. system security policies

to convert which will replace each password in /etc/passwd with *, amongst other things it will do.

regards.
what you do not see does not mean you should not believe
0 Kudos
Mark Nieuwboer
Esteemed Contributor

‎05-10-2005 10:47 PM

‎05-10-2005 10:47 PM

Re: Trusted mode - requirements

As far as i know it's no problem or you have to be very behaind with your parches.

grtz. Mark
0 Kudos
Guy Humphreys
Valued Contributor

‎05-10-2005 11:09 PM

‎05-10-2005 11:09 PM

Re: Trusted mode - requirements

how does June 2002 patch bundle sound? too old?

(don't ask. It's an inherited server from another company. *mutters* *grumbles* *shakes head at lack of standards*)

cheers
Guy
'If it ain't broke, don't fix it!'
0 Kudos
Joseph Loo
Honored Contributor

‎05-11-2005 12:59 PM

‎05-11-2005 12:59 PM

Re: Trusted mode - requirements

hi,

usually, i adopt if it ain't broken why fix it. but if u r not sure if it has been broken:

http://www1.itrc.hp.com/service/patch/releaseIndexPage.do?BC=patch.breadcrumb.main|

also, when software has pre-requisite, patch it. security patches is a must, so run security patch checker to find out what is lacking.

download for security patch checker:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA


regards.
what you do not see does not mean you should not believe
0 Kudos
Guy Humphreys
Valued Contributor

‎05-11-2005 09:31 PM

‎05-11-2005 09:31 PM

Re: Trusted mode - requirements

Well, I went ahead and did it and it worked without a hitch, now I can patch at my leisure.

Thanks for all your help
Guy
'If it ain't broke, don't fix it!'
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.