Visit Our UNIX and Linux User Community

Security hardening for standard HP-UX users

Thread Tools Search this Thread
Operating Systems HP-UX Security hardening for standard HP-UX users
# 1  
Old 11-28-2017
Security hardening for standard HP-UX users


The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.

Will there be any impact if we change these user's shell to /bin/false?

Like processes get interrupted, files cannot be generated, etc.

# 2  
Old 11-28-2017
Are there any processes with any of these owners?
ps -fu bin,adm,daemon,uucp,lp,hpdb

These are probably affected.
IMHO, if the login password is locked/invalid, there is not much gain in disabling the login shell.
# 3  
Old 11-29-2017
I agree. Have a look at /etc/shadow or wherever the credentials files are held (somewhere down /tcb/auth/files ?) where there is a file for each user. If the password is *LK* or something else that is not a random 13 character string, then they can't be logged onto anyway. In theory someone with super-user privilege could su to them without needing a password, but then they would have all privileges already.

# 4  
Old 12-01-2017
/etc/shadow does not exist by default on HPUX system.

It is an additional install, and it should be done to harden the security, if required.
Otherwise, any user on the system can copy the /etc/passwd file and brute force the hashes.

You do not want to change those system users shell or anything else.
This is not a security issue nor it should be considered one since those users do not have a password defined.

Hope that helps

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Pop the users one by one in sudo cat /etc/security/user

Hi Everyone, When I runthe query in ssh shell sudo cat /etc/security/user , I see half of the users cut down from the display screen. what I want to do is using the somthing like "pop" that when I hit the enter key every time the screen should move to the next user? does some one has any idea how... (4 Replies)
Discussion started by: starter2011
4 Replies

2. UNIX for Dummies Questions & Answers

Redirect Standard output and standard error into spreadsheet

Hey, I'm completely new at this and I was wondering if there is a way that I would be able to redirect the log files in a directories standard output and standard error into and excel spreadsheet in anyway? Please remember don't use too advanced of terminology as I just started using shell... (6 Replies)
Discussion started by: killaram
6 Replies

3. Shell Programming and Scripting

standard error to standard out question

Hi there how can i get the result of a command to not give me its error. For example, on certain systems the 'zfs' command below is not available, but this is fine becaues I am testing against $? so i dont want to see the message " command not found" Ive tried outputting to /dev/null 2>&1 to no... (5 Replies)
Discussion started by: hcclnoodles
5 Replies

4. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

5. Shell Programming and Scripting

Security Issue with Standard Input?

Hi Gang, Running a script in AIX 5.3. Users wanted me to add a "confirm you want to run script, enter 'y' or 'n'" kind of thing... here is what I came up with: #!/bin/sh myfile=`basename "$1"` dateNow=`date "+%m.%d.%Y.%H.%M.%S"` # Get current date mydatedfile=$myfile.$dateNow... (2 Replies)
Discussion started by: yall
2 Replies

Featured Tech Videos