HP-UX

HP-UX (Hewlett Packard UniX) is Hewlett-Packard's proprietary implementation of the Unix operating system, based on System V.

Security hardening for standard HP-UX users

👤 Login to reply

    #1  
Old 11-28-2017
anaigini45 anaigini45 is offline
Registered User
 
Security hardening for standard HP-UX users

Hi,

The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.

Will there be any impact if we change these user's shell to /bin/false?

Like processes get interrupted, files cannot be generated, etc.

Regards
Sponsored Links
    #2  
Old 11-28-2017
MadeInGermany MadeInGermany is offline Forum Staff  
Moderator
 
Are there any processes with any of these owners?
Code:
ps -fu bin,adm,daemon,uucp,lp,hpdb

These are probably affected.
IMHO, if the login password is locked/invalid, there is not much gain in disabling the login shell.
Sponsored Links
    #3  
Old 11-29-2017
rbatte1 rbatte1 is offline Forum Staff  
Root armed
 
I agree. Have a look at /etc/shadow or wherever the credentials files are held (somewhere down /tcb/auth/files ?) where there is a file for each user. If the password is *LK* or something else that is not a random 13 character string, then they can't be logged onto anyway. In theory someone with super-user privilege could su to them without needing a password, but then they would have all privileges already.



Robin
    #4  
Old 11-30-2017
Peasant's Unix or Linux Image
Peasant Peasant is offline Forum Advisor  
Registered User
 
/etc/shadow does not exist by default on HPUX system.

It is an additional install, and it should be done to harden the security, if required.
Otherwise, any user on the system can copy the /etc/passwd file and brute force the hashes.

You do not want to change those system users shell or anything else.
This is not a security issue nor it should be considered one since those users do not have a password defined.

Hope that helps
Regards
Peasant.
Sponsored Links
👤 Login to reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Pop the users one by one in sudo cat /etc/security/user starter2011 UNIX for Dummies Questions & Answers 4 12-05-2011 10:27 AM
Security Issue with Standard Input? yall Shell Programming and Scripting 2 10-10-2006 10:04 AM



All times are GMT -4. The time now is 11:08 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?