Automatic disabling of user accounts under HP-UX

Post by Stephen Vea » Sat, 23 Mar 1996 04:00:00



I need to develop some utility to automatically disable a Unix user
account if there are three unsuccessful login attempts.

So far I've worked out I need a daemon process to monitor the login
accounting files (you know, those used by last and lastb).

Or do I??? Perhaps someone has an alternative solution or even better,
some semi-suitable source code.

All tips welcome...thanks

 
 
 

Post by Frank Stua » Mon, 25 Mar 1996 04:00:00



>I need to develop some utility to automatically disable a Unix user
>account if there are three unsuccessful login attempts.

>So far I've worked out I need a daemon process to monitor the login
>accounting files (you know, those used by last and lastb).

>Or do I??? Perhaps someone has an alternative solution or even better,
>some semi-suitable source code.

>All tips welcome...thanks

I really doubt you want to do this.  This would let anyone disable any
account they wanted to.  However, you probably have the ability to log
multiple unsuccessful login attempts.  In Solaris, you could use loginlog.
I'm not sure if that's a System V thing or not, but it might be worth a
look.

                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even
Frank Stuart              | when you take into account Hofstadter's Law.
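
As an added illustration (not code from any poster in this thread), the script below counts consecutive failed logins per account against the three-attempt threshold from the original question and reports them for review instead of disabling the account, in line with the logging approach suggested above. The event format, the function names and the sample data are constructed assumptions; real login accounting records would have to be converted into this form first.

```sh
#!/bin/sh
# Constructed sample, oldest event first. Fields:
#   epoch-seconds  result(FAIL|OK)  account  source
# A made-up flat format for illustration, not the btmp/wtmp record layout
# and not literal last/lastb output.
sample_events() {
cat <<'EOF'
827500000 FAIL alice ttyp1
827500010 FAIL alice ttyp1
827500020 OK   alice ttyp1
827500100 FAIL bob   hostA
827500130 FAIL bob   hostB
827500160 FAIL bob   hostB
827500200 FAIL alice ttyp2
827500300 FAIL carol hostC
827500310 FAIL carol hostC
827500320 FAIL carol hostC
827500330 FAIL carol hostC
827500400 OK   carol console
EOF
}

# report_failures THRESHOLD   (events on stdin)
# Prints "account longest-run distinct-sources ok-after|-" for each account
# whose longest run of consecutive failures reached THRESHOLD.
# A successful login resets the run; "ok-after" marks a success that
# followed such a run. Nothing is disabled: the output is for a human.
report_failures() {
    awk -v limit="$1" '
        $2 == "OK" {
            if (run[$3] >= limit + 0) after[$3] = 1
            run[$3] = 0
            next
        }
        $2 == "FAIL" {
            run[$3]++
            if (!(($3, $4) in seen)) { seen[$3, $4] = 1; nsrc[$3]++ }
            if (run[$3] > worst[$3]) worst[$3] = run[$3]
        }
        END {
            for (u in worst)
                if (worst[u] >= limit + 0)
                    printf "%s %d %d %s\n", u, worst[u], nsrc[u],
                           ((u in after) ? "ok-after" : "-")
        }
    ' | sort
}

sample_events | report_failures 3
```

On the sample data, alice never reaches three failures in a row because her successful login resets the count, while carol's line is marked because a success followed a run of four failures.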

 
 
 

Post by Tolson Smi » Wed, 27 Mar 1996 04:00:00


I am not sure about HP-UX, but under Digital Unix, formerly OSF, we enabled C2
security.  It lets us define on a system or user basis how many unsuccessful
login attempts before locking the account.

As for Frank's comment this is something that is definitely required to help
ensure the administrator who is logging on and when possible security breaches
may occur.

Tolson Smith



>>I need to develop some utility to automatically disable a Unix user
>>account if there are three unsuccessful login attempts.

>>So far I've worked out I need a daemon process to monitor the login
>>accounting files (you know, those used by last and lastb).

>>Or do I??? Perhaps someone has an alternative solution or even better,
>>some semi-suitable source code.

>>All tips welcome...thanks

>I really doubt you want to do this.  This would let anyone disable any
>account they wanted to.  However, you probably have the ability to log
>multiple unsuccessful login attempts.  In Solaris, you could use loginlog.
>I'm not sure if that's a System V thing or not, but it might be worth a
>look.

>                          | (Douglas) Hofstadter's Law:
>                          | It always takes longer than you expect, even
>Frank Stuart              | when you take into account Hofstadter's Law.

 
 
 

Post by Shane Seymou » Tue, 09 Apr 1996 04:00:00



> I am not sure about HP-UX, but under Digital Unix, formerly OSF, we enabled C2
> security.  It lets us define on a system or user basis how many unsuccessful
> login attempts before locking the account.

> As for Frank's comment this is something that is definitely required to help
> ensure the administrator who is logging on and when possible security breaches
> may occur.

> Tolson Smith



> >>I need to develop some utility to automatically disable a Unix user
> >>account if there are three unsuccessful login attempts.

> >>So far I've worked out I need a daemon process to monitor the login
> >>accounting files (you know, those used by last and lastb).

> >>Or do I??? Perhaps someone has an alternative solution or even better,
> >>some semi-suitable source code.

> >>All tips welcome...thanks

> >I really doubt you want to do this.  This would let anyone disable any
> >account they wanted to.  However, you probably have the ability to log
> >multiple unsuccessful login attempts.  In Solaris, you could use loginlog.
> >I'm not sure if that's a System V thing or not, but it might be worth a
> >look.

> >                          | (Douglas) Hofstadter's Law:
> >                          | It always takes longer than you expect, even
> >Frank Stuart              | when you take into account Hofstadter's Law.

You'll need to go to HP-UX 10.0* and above and enable C2 to get the system to do it; it's configurable through
SAM. The upgrade from 9 to 10 is fairly easy. Note that some HP-UX products, like the JFS, are not yet
supported on a trusted HP-UX system, and there are some patches that you MUST have installed (particularly the
one about the TCB lock files).

Shane