Posts Tagged security
Forcing a user to change the password on AIX
Posted by Lincoln Zuljewic Silva in Aix on November 30th, 2009
On AIX, you can use the following command to unlock a user and force them to change their password at first logon:
| pwdadm -f ADMCHG USER |
Lock a user account in HP-UX
Posted by Lincoln Zuljewic Silva in HP-UX on September 24th, 2009
To lock a user account in HP-UX, you can use the following command:
| /usr/lbin/modprpw -m alock=YES USER |
rlogin access denied
Posted by Lincoln Zuljewic Silva in Linux on June 15th, 2009
In some specific situations, you need to use rlogin to access a server remotely, but you may encounter the following error:
|
clientServer:~ # rlogin rloginServer
Password:
Password:
Login incorrect
login: root
Password:
Login incorrect
login: root
Password:
Login incorrect
login: root
Password:
Login incorrect
rlogin: connection closed. |
If you check the /var/log/secure log on “rloginServer”, you will find the following messages:
|
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_securetty(rlogin:auth): access denied: tty 'rlogin' is not secure !
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_rhosts_auth(rlogin:auth): denied to root@10.11.4.9 as root: access not allowed
Jun 15 10:44:47 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:51 rloginServer login: FAILED LOGIN 1 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:53 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:58 rloginServer login: FAILED LOGIN 2 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:58 rloginServer login: pam_unix(remote:auth): bad username []
Jun 15 10:44:58 rloginServer login: pam_succeed_if(remote:auth): error retrieving information about user
Jun 15 10:44:58 rloginServer login: FAILED LOGIN 3 FROM 10.11.4.9 FOR , User not known to the underlying authentication module
Jun 15 10:44:59 rloginServer login: pam_unix(remote:auth): bad username []
Jun 15 10:44:59 rloginServer login: pam_succeed_if(remote:auth): error retrieving information about user
Jun 15 10:44:59 rloginServer login: FAILED LOGIN SESSION FROM 10.11.4.9 FOR , User not known to the underlying authentication module
|
The problem here is that “rlogin” is not listed as a “secure” tty: pam_securetty only allows root to log in from terminals named in /etc/securetty. To allow it, add “rlogin” (without the quotes) to /etc/securetty.
After that, you will be able to access the rlogin server.
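As an added example (not part of the original post), the shell functions below summarise pam_securetty denials from log lines like the ones above and report whether each denied tty is listed in a securetty-format file. The function names are hypothetical, and the sample lines are taken from the log above with the quotes written as straight quotes.

```shell
#!/bin/sh
# Added example: summarise pam_securetty denials and compare with securetty.

# Print "service tty count" for each pam_securetty denial read on stdin.
securetty_denials() {
    awk '
        /pam_securetty\(/ && /access denied: tty/ {
            svc = $0                          # e.g. "rlogin" or "remote"
            sub(/.*pam_securetty\(/, "", svc)
            sub(/:.*/, "", svc)
            tty = $0                          # e.g. "rlogin" or "pts/0"
            sub(/.*access denied: tty /, "", tty)
            sub(/ is not secure.*/, "", tty)
            gsub("[^A-Za-z0-9/_.-]", "", tty) # drop the surrounding quotes
            count[svc " " tty]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Succeed if tty $2 is a whole line in the securetty-format file $1.
tty_listed() {
    grep -qxF -- "$2" "$1" 2>/dev/null
}

# Read log lines on stdin; print "service tty count listed|missing" per tty.
securetty_report() {
    securetty_denials | while read -r svc tty n; do
        if tty_listed "$1" "$tty"; then state=listed; else state=missing; fi
        echo "$svc $tty $n $state"
    done
}

# Sample input: lines from the log above, typographic quotes made straight.
sample_log() {
    cat <<'EOF'
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_securetty(rlogin:auth): access denied: tty 'rlogin' is not secure !
Jun 15 10:44:47 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:51 rloginServer login: FAILED LOGIN 1 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:53 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
EOF
}

sample_log | securetty_denials
```

On a real server, `securetty_report /etc/securetty < /var/log/secure` shows which denied ttys are absent from the file.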
Forcing a user to change the password on Solaris
Posted by Lincoln Zuljewic Silva in Solaris on June 8th, 2009
On Solaris, you can use the following command to unlock a user and force them to change their password at first logon:
|
passwd -f <username>
passwd: password information changed for <USER> |
HP-UX password maintenance
Posted by Lincoln Zuljewic Silva in HP-UX on June 1st, 2009
Here are a few utilities for maintaining users' passwords:
/usr/lbin/getprpw <username> - display protected password database
/usr/lbin/modprpw -x <username> - change password
/usr/lbin/modprpw -k <username> - unlock the user
Setting session timeout on Linux
Posted by Lincoln Zuljewic Silva in Linux on May 27th, 2009
To set an automatic shell timeout on Linux (one that will log off the session after X seconds), you just need to set the following variable (put it in your /etc/profile):
|
echo "TMOUT=300; readonly TMOUT; export TMOUT" >> /etc/profile |
The “readonly” option prevents a normal user from changing (or unsetting) it.
Locking a Linux account
Posted by Lincoln Zuljewic Silva in Linux on April 9th, 2009
Before you remove an account from a system, it is a good idea to lock it for one week to make sure that no one uses it.
To lock it, you can use the following command:
|
passwd -l username |
(where username is the login ID).
After that, if someone tries to log in using this account, the system will return:
|
[root@server root]# su - foobar |
