Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Security hardening for standard HP-UX users
Operating Systems HP-UX Security hardening for standard HP-UX users Post 303008195 by MadeInGermany on Tuesday 28th of November 2017 01:00:12 PM
Old 11-28-2017
Are there any processes with any of these owners?
Code:
ps -fu bin,adm,daemon,uucp,lp,hpdb

These are probably affected.
IMHO, if the login password is locked/invalid, there is not much gain in disabling the login shell.
 

5 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Security Issue with Standard Input?

Hi Gang, Running a script in AIX 5.3. Users wanted me to add a "confirm you want to run script, enter 'y' or 'n'" kind of thing... here is what I came up with: #!/bin/sh myfile=`basename "$1"` dateNow=`date "+%m.%d.%Y.%H.%M.%S"` # Get current date mydatedfile=$myfile.$dateNow... (2 Replies)
Discussion started by: yall
2 Replies

2. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

3. Shell Programming and Scripting

standard error to standard out question

Hi there how can i get the result of a command to not give me its error. For example, on certain systems the 'zfs' command below is not available, but this is fine becaues I am testing against $? so i dont want to see the message " command not found" Ive tried outputting to /dev/null 2>&1 to no... (5 Replies)
Discussion started by: hcclnoodles
5 Replies

4. UNIX for Dummies Questions & Answers

Redirect Standard output and standard error into spreadsheet

Hey, I'm completely new at this and I was wondering if there is a way that I would be able to redirect the log files in a directories standard output and standard error into and excel spreadsheet in anyway? Please remember don't use too advanced of terminology as I just started using shell... (6 Replies)
Discussion started by: killaram
6 Replies

5. UNIX for Dummies Questions & Answers

Pop the users one by one in sudo cat /etc/security/user

Hi Everyone, When I runthe query in ssh shell sudo cat /etc/security/user , I see half of the users cut down from the display screen. what I want to do is using the somthing like "pop" that when I hit the enter key every time the screen should move to the next user? does some one has any idea how... (4 Replies)
Discussion started by: starter2011
4 Replies

LEARN ABOUT MINIX

passwd

PASSWD(5)							File Formats Manual							 PASSWD(5)

NAME

       passwd, group, shadow - user and group databases, shadow passwords

SYNOPSIS

       /etc/passwd
       /etc/group
       /etc/shadow

DESCRIPTION

       /etc/passwd  lists  all	the  users  of	the  system, and /etc/group lists all the groups the users may belong to.  Both files also contain
       encrypted passwords, numeric ID's etc.  Encrypted passwords may be hidden in the file /etc/shadow if extra protection is warranted.

       Each file is an text file containing one line per user or group.  The data fields on a line are separated by  colons.   Each  line  in  the
       password file has the following form:

	      name:passwd:uid:gid:gecos:dir:shell

       The  name  field is the login name of a user, it is up to 8 letters or numbers long starting with a letter.  The login name must be unique.
       The password field is either empty (no password), a 13 character encrypted password as returned by crypt(3), or a login	name  preceded	by
       two  number  signs  (#)	to  index the shadow password file.  Anything else (usually *) is invalid.  The uid and gid fields are two numbers
       indicating the users user-id and group-id.  These id's do not have to be unique, there may be more than one name with the same  id's.   The
       gecos  field can be set by the user.  It is expected to be a comma separated list of personal data where the first item is the full name of
       the user.  The dir field is the path name of the users home directory.  Lastly the shell field is the path name of the users  login  shell,
       it  may be empty to indicate /bin/sh.  A Minix specific extension allows the shell field to contain extra space separated arguments for the
       shell.

       Lines in the group file consist of four fields:

	      name:passwd:gid:mem

       The name field is the name of the group, same restrictions as a login name.  The passwd field may be used to let users change groups.   The
       gid  field  is  a number telling the group-id.  The group-id is unique for a group.  The mem field is a comma separated list of login names
       that are special members of the group.  If a system supports supplementary group id's then a user's set of supplementary group id's is  set
       to  all the groups they are a member of.  If a system allows one to change groups then one can change to a group one is a member of without
       using the group's password.

       The shadow password file has precisely the same form as the password file, except that only the name or passwd fields are used as yet.  The
       other fields are zero or empty.	A password in the password file may have the form ##user to indicate the entry user in the shadow password
       file.  The password in this entry is then used for authentication of the user.  The shadow file can only be read by the privileged  utility
       pwdauth(8), so that the encrypted passwords in the shadow file are kept secret, and thus safe from a dictionary attack.

   Special password and group file entries
       There  are  several  entries  in  the  password and group files that are preallocated for current or future use.  All id's less than 10 are
       reserved.  The special password file entries are:

	      root:##root:0:0:Big Brother:/usr/src:
	      daemon:*:1:1:The Deuce:/etc:
	      bin:##root:2:0:Binaries:/usr/src:
	      uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
	      news:*:6:6:Usenet news:/usr/spool/news:
	      ftp:*:7:7:Anonymous FTP:/usr/ftp:
	      nobody:*:9999:99::/tmp:
	      ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:

       The root id is of course the super user.  The daemon id is used by some daemons.  Some devices are protected so that only those daemons can
       access  them.   The bin id owns all sources and most binaries.  The uucp, news and ftp id's are for serial line data transfer, usenet news,
       or ftp if so needed.  The nobody id is used in those cases that a program may not have any privileges at all.  The ast id is  the  honorary
       home directory for Andrew S. Tanenbaum, the creator of Minix.  You can also find the initial contents for a new home directory there.

       The special group file entries are:

	      operator:*:0:
	      daemon:*:1:
	      bin:*:2:
	      other:*:3:
	      tty:*:4:
	      uucp:*:5:
	      news:*:6:
	      ftp:*:7:
	      kmem:*:8:
	      nogroup:*:99:

       Groups  with the same name as special user id are used with those id's.	The operator group is for the administrators of the system.  Users
       in this group are granted special privileges.  The other group is for ordinary users.  The tty group is for terminal devices,  and  associ-
       ated set-gid commands.  Same thing with the kmem group and memory devices.

FILES

       /etc/passwd    The user database.

       /etc/group     The group database.

       /etc/shadow    The shadow password file.

SEE ALSO

       login(1), passwd(1), su(1), crypt(3), getpwent(3), getgrent(3), pwdauth(8).

NOTES

       The nobody and nogroup id's are likely to be renumbered to the highest possible id's once it is figured out what they are.

AUTHOR

       Kees J. Bot (kjb@cs.vu.nl)

																	 PASSWD(5)
All times are GMT -4. The time now is 09:50 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy