Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must be configured to operate in a security mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-960 | GEN000000-HPUX0020 | SV-38681r2_rule | DCSW-1 | Medium |
| Description |
|---|
| When operating in standard mode, account passwords are stored in the /etc/passwd file, which is world readable. By operating in either Trusted Mode or Standard Mode with Security Extensions, the system security posture is enhanced thru the addition of a secure, non-world readable password container other than /etc/passwd. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2017-05-19 |
Details
| Check Text ( C-2278r4_chk ) |
|---|
| For Trusted Mode: Determine if the /tcb directory tree exists. # ls -lLd /tcb If the /tcb directory tree does not exist, this is a finding. For SMSE: Determine if the userdb directory tree and the /etc/shadow file exists. # ls -lL /var/adm/userdb # ls -lL /etc/shadow If both the /var/adm/userdb directory tree and the /etc/shadow file do not exist, this is a finding. |
| Fix Text (F-33047r2_fix) |
|---|
| SAM/SMH must be used to convert standard mode HP-UX to Trusted Mode (optional for SMSE). For Trusted Mode only: The following command may be used to “manually” convert from Standard Mode to Trusted Mode (note that its use is not vendor supported): # tsconvert -c For SMSE only: The following command may be used to “manually” create the /etc/shadow file with information from the /etc/passwd file (use of this commend is vendor supported). # pwconv Note that additional software bundles and/or patches may be required in order to completely convert a standard mode system to SMSE. |