
The system must be configured to operate in a security mode.


Overview

Finding ID: V-960
Version: GEN000000-HPUX0020
Rule ID: SV-38681r2_rule
IA Controls: DCSW-1
Severity: Medium
Description
When operating in standard mode, account passwords are stored in the /etc/passwd file, which is world readable. By operating in either Trusted Mode or Standard Mode with Security Extensions, the system security posture is enhanced through the addition of a secure, non-world readable password container other than /etc/passwd.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-03-01

Details

Check Text (C-2278r4_chk)
For Trusted Mode:
Determine if the /tcb directory tree exists.
# ls -lLd /tcb
If the /tcb directory tree does not exist, this is a finding.

For SMSE:
Determine if the userdb directory tree and the /etc/shadow file exist.
# ls -lL /var/adm/userdb
# ls -lL /etc/shadow

If both the /var/adm/userdb directory tree and the /etc/shadow file do not exist, this is a finding.
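
The check above can be scripted. The following is an added example, not part of the STIG text: the function names, the optional root-directory argument and the sample tree are assumptions, and it goes one step beyond the check text by also flagging /etc/passwd entries whose password field still looks like a hash (a heuristic: 13 or more characters, not starting with * or !).

```shell
#!/bin/sh
# Added example: V-960 check against a filesystem root (default: the live system).

# Print trusted, smse or standard for the tree rooted at $1.
security_mode() {
    root=${1:-}
    if [ -d "$root/tcb" ]; then
        echo trusted
    # Literal reading of the check text: a finding only when both are absent.
    elif [ -d "$root/var/adm/userdb" ] || [ -f "$root/etc/shadow" ]; then
        echo smse
    else
        echo standard
    fi
}

# Extra check, not in the STIG text: list accounts whose /etc/passwd password
# field still looks like a hash (13+ chars, not a lock marker such as * or !).
exposed_hashes() {
    awk -F: 'length($2) >= 13 && $2 !~ /^[*!]/ { print $1 }' "${1:-}/etc/passwd"
}

# Return 0 when compliant, 1 on a finding.
audit_v960() {
    mode=$(security_mode "${1:-}")
    leaked=$(exposed_hashes "${1:-}" | tr '\n' ' ')
    if [ "$mode" = standard ]; then
        echo "V-960 FINDING: standard mode"; return 1
    fi
    if [ -n "$leaked" ]; then
        echo "V-960 FINDING: $mode, but hashes remain in /etc/passwd for: $leaked"; return 1
    fi
    echo "V-960 OK: $mode"
}

# Constructed sample tree (placeholder data, not real accounts) so this runs anywhere.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc"
    printf '%s\n' 'root:x:0:3::/:/sbin/sh' \
        'alice:Zz0CONSTRUCTED:101:20::/home/alice:/sbin/sh' > "$dir/etc/passwd"
    echo "$dir"
}

demo=$(make_fixture)
audit_v960 "$demo" || true    # standard mode: no /tcb, userdb or shadow
: > "$demo/etc/shadow"
audit_v960 "$demo" || true    # SMSE marker present, but alice's field still holds a hash
rm -rf "$demo"
```

On a real host, run audit_v960 with no argument as root so that the protected directories are readable.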
Fix Text (F-33047r2_fix)
SAM/SMH must be used to convert standard mode HP-UX to Trusted Mode (optional for SMSE).
For Trusted Mode only:
The following command may be used to “manually” convert from Standard Mode to Trusted Mode (note that its use is not vendor supported):
# tsconvert -c

For SMSE only:
The following command may be used to “manually” create the /etc/shadow file with information from the /etc/passwd file (use of this command is vendor supported).
# pwconv

Note that additional software bundles and/or patches may be required in order to completely convert a standard mode system to SMSE.