Are you in trusted mode? You can tell by looking to see if there are files under /tcb/files/auth If there is, then under this point, there is one character a directory for the first of each user name and within there, there is a file for each user. Look at the timestamp of the file to see the last update of it, however if it has been attacked (someone tried to use it) then this will have been updated.
Within, there are fields describing last successful login, last failed login, last password update etc. The times recorded are in seconds from 1/1/1970 00:00:00 (the Epoch) so someone here helpfully wrote this bit of Perl that reformats it to make it human readable:-
I have this as a one-line script, so I just run something like:-
Code:
$ realtime 1234567890
Fri Feb 13 23:31:30 2009
I hope that this helps. If you are not in trusted mode, then it depends if you clean out the login history files (whatever they are) Try using the last command. Read the manual pages for the options. It might be useful, maybe not. Unless you intercept and log every use of the various user admin commands (useradd, modprpw, passwd etc.) it's going to be difficult to really prove anything.
As a more general question though, are the auditors complaining that the id they used last time to probe around has been suspended? If it's more that a month since they last used it, then I think you have every right to suspend it to limit the risk of attack, in fact you could argue that it should be suspended immediately after they have finished using it.
i understand they have an important job to do, but sometimes they are the worst offenders just asking for open access whenever they want it. Enforce your standards, especially with them. It could be a test of your procedures
hi all, i m tryin to create a new account on the unix work station. do i use 'useradd' command? can u guyz advice on the usage of 'useradd' command as it can comes with 'useradd -D' or 'useradd -e'
thanks :confused: (1 Reply)
Hi, guys. I have two questions:
I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account.
There are two things I am not sure:
1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow... (2 Replies)
Hi Admins,
As per my knowledge there are two types of user accounts in unix. root and normal users.
If there are any user types for which we can give some priviledges..?
Actually i want to restrict root access and create new accounts for admins with some of the priviledges.
Please let me... (6 Replies)
Hi - I want to log commands typed by oraapps user with time into some log file on runtime.
HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history.
OS : RHEl 5.6
Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
LEARN ABOUT HPUX
getprpw
getprpw(1M)getprpw(1M)NAME
getprpw - display protected password database
SYNOPSIS
parm[,parm]] username
DESCRIPTION
displays the user's protected password database settings. This command is available only to the superuser in a trusted system. Normally
it is only used via SAM, see sam(1M).
uses the configuration file default if is not specified. See nsswitch.conf(4).
Options
recognizes the following options.
Specifies to get information from the local user.
Displays the arguments supplied to
in raw format
Displays the database value for the argument passed.
An "invalid-opt" is printed if a list of options passed to contains an invalid option. The rest of the options will be processed.
If is specified without all parameters are displayed in the order given below.
Boolean values are returned as or (for system default values in
Numeric values are specified as positive numbers, 0, or -1. A value of -1 indicates that the field has not been assigned a value in
the database.
Units of time are returned in number of days (>=0), although the database keeps them in seconds. This and other minor differences
between the command parameters and the database fields are consistent with modprpw(1M).
The following parameters for the user can be displayed using the option.
They are listed below in the order shown in The database fields are fully explained in prpwd(4).
user uid
boot authorization flag
audit id
audit flag
minimum time between password changes
maximum password length
password expiration time
password lifetime
last successful password change time
last unsuccessful password change time
account expiration time
last login time interval
password expiration warning time
whether user picks password,
whether system generates pronounceable passwords,
whether password is restricted, i.e, checked for triviality,
NULL passwords are allowed,
Not recommended!
whether system generates passwords having characters only,
whether system generates passwords having letters only,
time of day allowed for login
time of last successful login
time of last unsuccessful login
tty of last successful login
consecutive number of unsuccessful logins so far
tty of last unsuccessful login
maximum unsuccessful login tries
administrator lock,
if on, if off, if not set.
returns the reason for a lockout in a "bit" valued string,
where 0 = condition not present, 1 is present. The position, left to right represents:
1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *
RETURN VALUE
0 success
1 user not privileged
2 incorrect usage
3 cannot find the password file
4 system is not trusted
EXAMPLES
Displays the database aging fields for user "someusr".
The command displays:
WARNINGS
This command is intended for SAM use only. It may change with each release and can not be guaranteed to be backward compatible.
Several database fields interact with others. The side effects of an individual change may not cause a problem till much later.
Special meanings may apply in the following cases:
o an absent field
o a field without a value
o a field with a zero value
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
was developed by HP.
FILES
System Password file
Protected Password Database
System Defaults Database
SEE ALSO modprpw(1M), prpwd(4), nsswitch.conf(4).
TO BE OBSOLETED getprpw(1M)
06-20-2013
