HPE Community
Operating System - HP-UX
1834934 Members
2667 Online
110071 Solutions
New Discussion

trusted system

 
SOLVED
Go to solution
Roberto Severo
Advisor

‎06-24-2002 04:11 PM

‎06-24-2002 04:11 PM

trusted system

We'll migrate our system (UX 11.11) from "d" level to "c2" (trusted) level of security, but i have to expose how the security will be increased doing that to my boss. Can anybody help me listing the benefits of the "c2" level?

Tks. in advance,

-roberto
0 Kudos
Reply
3 REPLIES 3
Michael Tully
Honored Contributor

‎06-24-2002 04:31 PM

‎06-24-2002 04:31 PM

Re: trusted system

Hi,

The security measures what come with the standard operating system basically, only create a password database as opposed to anything else. It will remove the encrypted password entries from the /etc/passwd file and create a database under /tcb

You can use 'sam' to convert it or the '/usr/lbin/tsconvert' command.

Have a look at this document, and use 'trusted' in the search box. It will provide everything you need to know. Be aware that changing a system to 'trusted' will require all users to change their passwords afterwards.

http://www.docs.hp.com/hpux/onlinedocs/B2355-90742/B2355-90742.html

Michael
Anyone for a Mutiny ?
Reply
Arockia Jegan
Trusted Contributor

‎06-24-2002 04:55 PM

‎06-24-2002 04:55 PM

Re: trusted system

Here are some security changes that will happen when you will migrate your system to c2 level security,

1) In standard unix the encrypted passwords stored in the world readable file /etc/passwd. So anyone having valid password in the system can gain other's password(even password of root) by using passwd cracker softwares. Converting your system to a trusted one will move all user's encrypted passwords to a secure location under /tcb
2) It also provides a flexible password aging mechanism
3) It will automatically disables user accounts after repeated failed logins.
4) Because of the password history system has good protection against poorly chosen passwords
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-24-2002 06:14 PM

‎06-24-2002 06:14 PM

Solution

Re: trusted system

There are many additional controls you can put on passwords such as minimum/maximum length, content limits (upper/lower case, numbers), and even login controls on the time of day a login is permitted.

The best documentation is found at: http://docs.hp.com then search for: Trusted System, and print the first section of "Administering Your Trusted System" found at:

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90121/B2355-90121_top.html&con=/hpux/onlinedocs/B2355-90121/00/00/8-con.html&toc=/hpux/onlinedocs/B2355-90121/00/00/8-toc.html&searchterms=trusted%7csystem&queryid=20020624-191925


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.