Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Security hardening for standard HP-UX users
Operating Systems HP-UX Security hardening for standard HP-UX users Post 303008194 by anaigini45 on Tuesday 28th of November 2017 11:46:39 AM
Old 11-28-2017
Security hardening for standard HP-UX users
Hi,

The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.

Will there be any impact if we change these user's shell to /bin/false?

Like processes get interrupted, files cannot be generated, etc.

Regards
 

5 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Security Issue with Standard Input?

Hi Gang, Running a script in AIX 5.3. Users wanted me to add a "confirm you want to run script, enter 'y' or 'n'" kind of thing... here is what I came up with: #!/bin/sh myfile=`basename "$1"` dateNow=`date "+%m.%d.%Y.%H.%M.%S"` # Get current date mydatedfile=$myfile.$dateNow... (2 Replies)
Discussion started by: yall
2 Replies

2. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

3. Shell Programming and Scripting

standard error to standard out question

Hi there how can i get the result of a command to not give me its error. For example, on certain systems the 'zfs' command below is not available, but this is fine becaues I am testing against $? so i dont want to see the message " command not found" Ive tried outputting to /dev/null 2>&1 to no... (5 Replies)
Discussion started by: hcclnoodles
5 Replies

4. UNIX for Dummies Questions & Answers

Redirect Standard output and standard error into spreadsheet

Hey, I'm completely new at this and I was wondering if there is a way that I would be able to redirect the log files in a directories standard output and standard error into and excel spreadsheet in anyway? Please remember don't use too advanced of terminology as I just started using shell... (6 Replies)
Discussion started by: killaram
6 Replies

5. UNIX for Dummies Questions & Answers

Pop the users one by one in sudo cat /etc/security/user

Hi Everyone, When I runthe query in ssh shell sudo cat /etc/security/user , I see half of the users cut down from the display screen. what I want to do is using the somthing like "pop" that when I hit the enter key every time the screen should move to the next user? does some one has any idea how... (4 Replies)
Discussion started by: starter2011
4 Replies

LEARN ABOUT DEBIAN

smrsh

SMRSH(8)						      System Manager's Manual							  SMRSH(8)

NAME

       smrsh - restricted shell for sendmail

SYNOPSIS

       smrsh -c command

DESCRIPTION

       The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files.  It sharply limits
       the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system.   Briefly,
       even  if  a  ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
       that he or she can execute.

       Briefly, smrsh limits programs to be in a single directory, by default /usr/adm/sm.bin, allowing the system administrator to choose the set
       of  acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''.  It also rejects any commands with the charac-
       ters ``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run''  attacks.	It
       allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''

       Initial	pathnames  on programs are stripped, so forwarding to ``/usr/ucb/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca-
       tion'', and ``vacation'' all actually forward to ``/usr/adm/sm.bin/vacation''.

       System administrators should be conservative about populating the sm.bin directory.  For example, a reasonable  additions  is  vacation(1),
       and  the  like.	No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the sm.bin direc-
       tory.  Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax); it simply  dis-
       allows  execution  of  arbitrary  programs.   Also,  including mail filtering programs such as procmail(1) is a very bad idea.  procmail(1)
       allows users to run arbitrary programs in their procmailrc(5).

COMPILATION

       Compilation should be trivial on most systems.  You may need to use -DSMRSH_PATH="path" to adjust the default search  path  (defaults	to
       ``/bin:/usr/bin:/usr/ucb'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/adm/sm.bin'').

FILES

       /usr/adm/sm.bin - default directory for restricted programs on most OSs

       /var/adm/sm.bin - directory for restricted programs on HP UX and Solaris

       /usr/libexec/sm.bin - directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD

SEE ALSO

       sendmail(8)

							   $Date: 2004/08/06 03:55:35 $ 						  SMRSH(8)
All times are GMT -4. The time now is 03:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy