Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-960 | GEN000000-HPUX0020 | SV-38681r2_rule | DCSW-1 | Medium |
Description |
---|
When operating in standard mode, account passwords are stored in the /etc/passwd file, which is world readable. By operating in either Trusted Mode or Standard Mode with Security Extensions, the system security posture is enhanced thru the addition of a secure, non-world readable password container other than /etc/passwd. |
STIG | Date |
---|---|
HP-UX 11.31 Security Technical Implementation Guide | 2016-12-20 |
Check Text ( C-2278r4_chk ) |
---|
For Trusted Mode: Determine if the /tcb directory tree exists. # ls -lLd /tcb If the /tcb directory tree does not exist, this is a finding. For SMSE: Determine if the userdb directory tree and the /etc/shadow file exists. # ls -lL /var/adm/userdb # ls -lL /etc/shadow If both the /var/adm/userdb directory tree and the /etc/shadow file do not exist, this is a finding. |
Fix Text (F-33047r2_fix) |
---|
SAM/SMH must be used to convert standard mode HP-UX to Trusted Mode (optional for SMSE). For Trusted Mode only: The following command may be used to “manually” convert from Standard Mode to Trusted Mode (note that its use is not vendor supported): # tsconvert -c For SMSE only: The following command may be used to “manually” create the /etc/shadow file with information from the /etc/passwd file (use of this commend is vendor supported). # pwconv Note that additional software bundles and/or patches may be required in order to completely convert a standard mode system to SMSE. |