Security in HP UX : User Level Security

The default security configuration file in HP-UX is /etc/default/security

To prevent users from loggin in:

 01. Modify NOLOGIN variable in /etc/default/security to 1 (NOLOGIN=1)
 02. Create /etc/nologin file with the text you want to display the users.

To make the HP-UX system to use /etc/shadow file to store ecrypted password instead of /etc/passwd

 # pwconv


To switch to standard password mode from shadow mode

 # pwunconv

To list all the failed login attempts

 # lastb

To force the user "user1" to change his password during next login;

 # passwd -f user1

Format of /etc/shadow

 loginname:password:lastchange:mindays:maxdays:warndays:inactivity:expiration:reserved

Some files related to logged in users

 /var/adm/wtmps  ## all the successful logins. Access using last command
 /var/adm/btmps  ## all the bad login info. Access using lastb
 /var/adm/utpms  ## has the list of currently logged in users. Access using who command.


The security attributes description file, /etc/security.dsc, lists the attributes that can be defined either in /etc/default/security, in the user database in /var/adm/userdb, or in both files. Some attributes are configurable and some are internal.


To display all attributes for user "user1"

 # userdbget -u user1

To identiy and repair the problems in User database

 # userdbck

To check the status of local user accounts

 # userstat -a

Post a Comment

1 Comments