On HP you can put this scripting in the /etc/profile. That is called every time a user logs in... and is not writable by normal users other than root.
In addition you can make it an entry in /etc/hosts.allow and /etc/hosts.deny to restrict telnet and rlogin... Just put this in these files... You may need to create them if they don't exist....
Here is a great link to a config of these files...
http://ezine.daemonnews.org/200206/hosts_allow.html
I also put these others in to allow only these methods of accessing my boxes....
# cat /etc/hosts.allow
#all : all : banners=/usr/localcw/opt/sysguard/banners : allow
ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : <myuser> : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : all : banners=/usr/localcw/opt/sysguard/banners : deny
tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
logind : all : banners=/usr/localcw/opt/sysguard/banners : allow
rlogind : all : banners=/usr/localcw/opt/sysguard/banners : deny
remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow
sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow
sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow
root:/usr/local/bin
# cat /etc/hosts.deny
# Deny all hosts
ALL : ALL
Also, on HPUX there is a security file... do a man security to read about creating it... This file you will need to create in
/etc/default/security
You can also restrict who can even attempt to su to root as well... see this part of the man security...
SU_ROOT_GROUP
    This parameter defines the root group name for the su command. Refer to su(1).
    SU_ROOT_GROUP=group_name  The root group name is set to the specified symbolic group name. The su command enforces the restriction that a non-superuser must be a member of the specified root group in order to be allowed to su to root. This does not alter password checking.
    Default value: If this parameter is not defined or if it is commented out, there is no default value. In this case, a non superuser is allowed to su to root without being bound by root group restrictions.
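An added example, not part of the original post: a small Python evaluator for the hosts.allow and hosts.deny rules listed above, using the TCP Wrappers first-match order (hosts.allow, then hosts.deny, with an explicit allow/deny option overriding the file's default) to show which cleartext daemons the posted rules still leave reachable from any client. The client name adminhost.example.com (standing in for <myuser>), the outsider address 203.0.113.9 and the CLEARTEXT set are assumptions of this example; escaped colons and netgroup or user@host patterns are not handled.

```python
# Constructed sample: the hosts.allow rules from the post, with <myuser>
# replaced by a made-up client (adminhost.example.com) so it can be matched.
B = "banners=/usr/localcw/opt/sysguard/banners"
HOSTS_ALLOW = f"""\
ftpd : all : {B} : allow
telnetd : adminhost.example.com : {B} : allow
telnetd : all : {B} : deny
tftpd : all : {B} : allow
logind : all : {B} : allow
rlogind : all : {B} : deny
remshd: all : {B} : allow
sidftpd : all : {B} : allow
rexecd : all : {B} : allow
sshd : all : {B} : allow
"""
HOSTS_DENY = "# Deny all hosts\nALL : ALL\n"
# Assumption of this example: the daemons to flag as cleartext services.
CLEARTEXT = {"ftpd", "telnetd", "tftpd", "rlogind", "remshd", "rexecd"}

def parse_rules(text, default):
    """Parse 'daemons : clients : option ...' lines into (daemons, clients, verdict)."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip().lower() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        # An explicit allow/deny option overrides the file's implicit verdict.
        verdict = next((o for o in fields[2:] if o in ("allow", "deny")), default)
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        rules.append((daemons, clients, verdict))
    return rules

def hit(patterns, value):
    """True if any pattern matches: ALL, '.domain' suffix, 'net.' prefix, or exact."""
    v = value.lower()
    return any(p == "all" or p == v or (p.startswith(".") and v.endswith(p))
               or (p.endswith(".") and v.startswith(p)) for p in patterns)

def decide(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; the first matching rule wins."""
    rules = parse_rules(allow_text, "allow") + parse_rules(deny_text, "deny")
    for daemons, clients, verdict in rules:
        if hit(daemons, daemon) and hit(clients, client):
            return verdict
    return "allow"  # no rule in either file matched

def open_cleartext(outsider="203.0.113.9"):
    """Cleartext daemons that an arbitrary (constructed) client may still reach."""
    return sorted(d for d in CLEARTEXT if decide(d, outsider) == "allow")
```

Calling open_cleartext() on these rules lists the cleartext services that the catch-all hosts.deny never gets to block, because an earlier "all ... allow" rule in hosts.allow matches first.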