Unix/Linux Go Back    

HP-UX HP-UX (Hewlett Packard UniX) is Hewlett-Packard's proprietary implementation of the Unix operating system, based on System V.

Security hardening for standard HP-UX users


Thread Tools Search this Thread Display Modes
Old Unix and Linux 11-28-2017   -   Original Discussion by anaigini45
anaigini45's Unix or Linux Image
anaigini45 anaigini45 is offline
Registered User
Join Date: Oct 2009
Last Activity: 15 May 2018, 4:11 AM EDT
Posts: 115
Thanks: 7
Thanked 0 Times in 0 Posts
Security hardening for standard HP-UX users


The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.

Will there be any impact if we change these user's shell to /bin/false?

Like processes get interrupted, files cannot be generated, etc.

Sponsored Links
Old Unix and Linux 11-28-2017   -   Original Discussion by anaigini45
MadeInGermany's Unix or Linux Image
MadeInGermany MadeInGermany is offline Forum Staff  
Join Date: May 2012
Last Activity: 25 May 2018, 6:53 PM EDT
Location: Simplicity
Posts: 4,084
Thanks: 351
Thanked 1,379 Times in 1,243 Posts
Are there any processes with any of these owners?

ps -fu bin,adm,daemon,uucp,lp,hpdb

These are probably affected.
IMHO, if the login password is locked/invalid, there is not much gain in disabling the login shell.
Sponsored Links
Old Unix and Linux 11-29-2017   -   Original Discussion by anaigini45
rbatte1's Unix or Linux Image
rbatte1 rbatte1 is offline Forum Staff  
Root armed
Join Date: Jun 2007
Last Activity: 24 May 2018, 12:44 PM EDT
Location: Lancashire, UK
Posts: 3,535
Thanks: 1,558
Thanked 692 Times in 622 Posts
I agree. Have a look at /etc/shadow or wherever the credentials files are held (somewhere down /tcb/auth/files ?) where there is a file for each user. If the password is *LK* or something else that is not a random 13 character string, then they can't be logged onto anyway. In theory someone with super-user privilege could su to them without needing a password, but then they would have all privileges already.

Old Unix and Linux 11-30-2017   -   Original Discussion by anaigini45
Peasant's Unix or Linux Image
Peasant Peasant is offline Forum Advisor  
Registered User
Join Date: Mar 2011
Last Activity: 25 May 2018, 12:25 PM EDT
Posts: 1,177
Thanks: 32
Thanked 358 Times in 309 Posts
/etc/shadow does not exist by default on HPUX system.

It is an additional install, and it should be done to harden the security, if required.
Otherwise, any user on the system can copy the /etc/passwd file and brute force the hashes.

You do not want to change those system users shell or anything else.
This is not a security issue nor it should be considered one since those users do not have a password defined.

Hope that helps
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Pop the users one by one in sudo cat /etc/security/user starter2011 UNIX for Dummies Questions & Answers 4 12-05-2011 10:27 AM
Security Issue with Standard Input? yall Shell Programming and Scripting 2 10-10-2006 10:04 AM

All times are GMT -4. The time now is 10:28 PM.