HPE Community
Operating System - HP-UX
1834789 Members
2359 Online
110070 Solutions
New Discussion

Re: trusted or non-trusted

 
public
Regular Advisor

‎06-06-2003 01:42 AM

‎06-06-2003 01:42 AM

trusted or non-trusted

We know the way to configure C2-level HP-UX trusted system either using SAM or tsconvert command.

The thing is how to determine the HP-UX system is in trusted or non-trusted mode?

Any good idea?
0 Kudos
Reply
8 REPLIES 8
V.Tamilvanan
Honored Contributor

‎06-06-2003 01:55 AM

‎06-06-2003 01:55 AM

Re: trusted or non-trusted


Hi,

There r so many ways to check. some of them

1.The /tcb Directory will be there in Trusted system.


2. When u log on to Trusted system it will display like the "Last successful login for root: Fri Jun 6 05:51:35 SST-8 2003 on pts/tb
Last unsuccessful login for root: NEVER "

HTH
-tamil
0 Kudos
Reply
Rajesh G. Ghone
Regular Advisor

‎06-06-2003 02:00 AM

‎06-06-2003 02:00 AM

Re: trusted or non-trusted

Hi,

The easiest way to findout is to see /tcb directory if this directory is not available then it is not in a trusted mode or you can see in /var/adm/syslog/syslog.log the login information.

Regards,
Rajesh G.
Rajesh Ghone
0 Kudos
Reply
public
Regular Advisor

‎06-06-2003 02:06 AM

‎06-06-2003 02:06 AM

Re: trusted or non-trusted

Hi Tamil and Rajesh G,

Thanks for reply.
The ways you provided are good to show the system is in trusted mode. But is there any "official" way to achieve this? Maybe using a command, a log file, or something else...

0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎06-06-2003 02:12 AM

‎06-06-2003 02:12 AM

Re: trusted or non-trusted

tsconvert -p

If the system isnt trusted it says cant convert.....on non-Trusted system

If the system is trusted it says; At and crontab files converted.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎06-06-2003 02:19 AM

‎06-06-2003 02:19 AM

Re: trusted or non-trusted

or even better;

/usr/lbin/getprpw

If the system isnt trusted it says so.

If it is trusted you get a Usage: [options....] message.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Balakumar M
Frequent Advisor

‎06-06-2003 02:39 AM

‎06-06-2003 02:39 AM

Re: trusted or non-trusted

Hi,
Check this link

http://docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html

-Bala
Life is a continues learning process
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎06-06-2003 03:09 AM

‎06-06-2003 03:09 AM

Re: trusted or non-trusted

Hi,
just type
/usr/lbin/getprpw
if it is trusted it displays help, it is not trusted it displays
System is not trusted

Regards
Never Say No
0 Kudos
Reply
Darren Prior
Honored Contributor

‎06-06-2003 03:38 AM

‎06-06-2003 03:38 AM

Re: trusted or non-trusted

Hi,

There isn't an official way that I know of to tell if a system is trusted, other than going into the "Auditing and Security" menu of SAM. From there if you try to enter any of the Audited sections you'll either be prompted to trust the system or you'll be shown the Audited events/users, etc. Unofficially I'd check for /tcb; and especially the presence of /tcb/files/auth/r/root.

In addition the only supported way of trusting/untrusting the system is by using SAM, even though it uses tsconvert itself. The modprpw/getprpw commands are themselves only supposed to be used by SAM, and in fact are only documented at 11i. If you use them, bear in mind that their functionality could change in later releases.

regards,

Darren
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.