HPE Community
Operating System - HP-UX
1833387 Members
3027 Online
110052 Solutions
New Discussion

Re: trusted system

 
shajes puthanveettil
Occasional Contributor

‎09-13-2002 03:28 PM

‎09-13-2002 03:28 PM

trusted system

Can any suggest the steps to be followed while changing a system to trusted system.
I want to make my live servers running HP-UX 10.20 &11.x as trusted .

thanks for suggesyions.
spv
0 Kudos
Reply
5 REPLIES 5
erics_1
Honored Contributor

‎09-13-2002 03:33 PM

‎09-13-2002 03:33 PM

Re: trusted system

Shajes,

There is a lot of good information on Trusted Systems out at http://www.docs.hp.com

Just search on trusted system and you'll get many returns that discuss this topic more in depth. The easiest way to convert is via SAM, Auditing and Security, then select one of the options on that next screen.

Hope this helps!
Eric
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-13-2002 04:20 PM

‎09-13-2002 04:20 PM

Re: trusted system

The conversion is very simple. Run SAM, select the Auditing section and as you enter that section, it will ask if you'd like to convert. Answer yes and you are done.

There are additional features now available to control security policies if you want to enable them.


Bill Hassell, sysadmin
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎09-13-2002 05:44 PM

‎09-13-2002 05:44 PM

Re: trusted system

Instead of worrying about making 10.20 systems "trusted" you need to be worrying about getting those machines to 11i or higher!

To make a system trusted use sam.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Michael Tully
Honored Contributor

‎09-13-2002 10:56 PM

‎09-13-2002 10:56 PM

Re: trusted system

You can also change your system into 'trusted' from the command line just as easily as using 'sam'. Be aware that 'sam' is much easier to use if your going to make changes to the security settings.

# /usr/lbin/tconvert (to change to trusted)

Be aware that changing a system to trusted, expires all passwords immediately, so be ready.

Anyone for a Mutiny ?
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-14-2002 02:11 PM

‎09-14-2002 02:11 PM

Re: trusted system

Hi,

You can use either SAM as already mentioned or use the command "/usr/lbin/tsconvert" to convert a system to trusted. You will find a new directory tree structure under /tcb after this task.

The passwords will be expired. This is to make sure users will set the password to the trusted system standards. You can leave it that way or disable password expiry by running the command "/usr/lbin/modprdef -m exptm=0".

Start getting familiar with the commands like getprpw, modprpw, getprdef and modprdef etc under /usr/lbin. There won't be man pages on them. Try searching for these words in the forums. Sometimes you may find it irritating to go into SAM for small tasks like enabling a login (/usr/lbin/modprpw -k login).


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.