Security hardening for standard HP-UX users Post: 303008195

5 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Security Issue with Standard Input?

Hi Gang, Running a script in AIX 5.3. Users wanted me to add a "confirm you want to run script, enter 'y' or 'n'" kind of thing... here is what I came up with: #!/bin/sh myfile=`basename "$1"` dateNow=`date "+%m.%d.%Y.%H.%M.%S"` # Get current date mydatedfile=$myfile.$dateNow...

2. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:)

3. Shell Programming and Scripting

standard error to standard out question

Hi there how can i get the result of a command to not give me its error. For example, on certain systems the 'zfs' command below is not available, but this is fine becaues I am testing against $? so i dont want to see the message " command not found" Ive tried outputting to /dev/null 2>&1 to no...

4. UNIX for Dummies Questions & Answers

Redirect Standard output and standard error into spreadsheet

Hey, I'm completely new at this and I was wondering if there is a way that I would be able to redirect the log files in a directories standard output and standard error into and excel spreadsheet in anyway? Please remember don't use too advanced of terminology as I just started using shell...

5. UNIX for Dummies Questions & Answers

Pop the users one by one in sudo cat /etc/security/user

Hi Everyone, When I runthe query in ssh shell sudo cat /etc/security/user , I see half of the users cut down from the display screen. what I want to do is using the somthing like "pop" that when I hit the enter key every time the screen should move to the next user? does some one has any idea how...

LEARN ABOUT OPENSOLARIS

in.uucpd

in.uucpd(1M)						  System Administration Commands					      in.uucpd(1M)

NAME

       in.uucpd, uucpd - UUCP server

SYNOPSIS

       /usr/sbin/in.uucpd [-n]

DESCRIPTION

       in.uucpd is the server for supporting UUCP connections over networks.

       in.uucpd  is  invoked by inetd(1M) when a UUCP connection is established, that is, a connection to the port indicated in the "uucp" service
       specification, and executes the following protocol. See services(4):

	   1.	  The server prompts with login:. The uucico(1M) process at the other end must supply a username.

	   2.	  Unless the username refers to an account without a password, the server then prompts with Password:. The uucico process  at  the
		  other end must supply the password for that account.

       If  the	username  is not valid, or is valid but refers to an account that does not have /usr/lib/uucp/uucico as its login shell, or if the
       password is not the correct password for that account, the connection is dropped.  Otherwise, uucico is run, with the user  ID,	group  ID,
       group  set, and home directory for that account, with the environment variables USER and  LOGNAME set to the specified username, and with a
       -u flag specifying the username. Unless the -n flag is specified, entries are made in /var/adm/utmpx, /var/adm/wtmpx, and  /var/adm/lastlog
       for the username. in.uucpd must be invoked by a user with appropriate privilege (usually root) in order to be able to verify that the pass-
       word is correct.

SECURITY

       in.uucpd uses pam(3PAM) for authentication, account management, and session management.	 The  PAM  configuration  policy,  listed  through
       /etc/pam.conf,  specifies the modules to be used for in.uucpd. Here is a partial pam.conf file with entries for uucp using the UNIX authen-
       tication, account management, and session management module.

	 uucp	 auth requisite 	 pam_authtok_get.so.1
	 uucp	 auth required		 pam_dhkeys.so.1
	 uucp	 auth required		 pam_unix_auth.so.1

	 uucp	 account requisite	 pam_roles.so.1
	 uucp	 account required	 pam_projects.so.1
	 uucp	 account required	 pam_unix_account.so.1

	 uucp	   session required	 pam_unix_session.so.1

       If there are no entries for the uucp service, then the entries for the "other" service will be used. If multiple authentication modules are
       listed, then the peer may be prompted for multiple passwords.

FILES

       /var/adm/utmpx	   accounting

       /var/adm/wtmpx	   accounting

       /var/adm/lastlog    time of last login

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWbnuu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1),  inetadm(1M),  inetd(1M),  svcadm(1M),	uucico(1M),  pam(3PAM),  pam.conf(4),  services(4),  attributes(5),  pam_authtok_check(5),
       pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),  pam_unix_account(5),  pam_unix_auth(5),  pam_unix_session(5),
       smf(5)

DIAGNOSTICS

       All diagnostic messages are returned on the connection, after which the connection is closed.

       user read	   An error occurred while reading the username.

       passwd read	   An error occurred while reading the password.

       Login incorrect.    The	username is invalid or refers to an account with a login shell other than /usr/lib/uucp/uucico, or the password is
			   not the correct password for the account.

NOTES

       The in.uucpd service is managed by the service management facility, smf(5), under the service identifier:

	 svc:/network/uucp

       Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibil-
       ity for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view config-
       uration information for this service. The service's status can be queried using the svcs(1) command.

       The pam_unix(5) module is no longer supported. Similar functionality is provided  by  pam_authtok_check(5),  pam_authtok_get(5),  pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.11							    12 Aug 2004 						      in.uucpd(1M)