
The system must be configured to operate in a security mode.


Overview

Finding ID: V-960
Version: GEN000000-HPUX0020
Rule ID: SV-38681r2_rule
IA Controls: DCSW-1
Severity: Medium
Description
When operating in standard mode, account passwords are stored in the /etc/passwd file, which is world readable. By operating in either Trusted Mode or Standard Mode with Security Extensions, the system security posture is enhanced through the addition of a secure, non-world readable password container other than /etc/passwd.
STIG: HP-UX SMSE Security Technical Implementation Guide
Date: 2014-02-28

Details

Check Text ( C-2278r3_chk )
For Trusted Mode, determine if the /tcb directory tree exists.
# ls -lLd /tcb
If the /tcb directory tree does not exist, this is a finding.

For SMSE:
Determine if the userdb directory tree and the /etc/shadow file exist.
# ls -lL /var/adm/userdb
# ls -lL /etc/shadow

If both the /var/adm/userdb directory tree and the /etc/shadow file do not exist, this is a finding.
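
The check above can be scripted for use across many hosts. The following is an added example, not part of the STIG text: the function name security_mode, its optional root-prefix argument, the mode labels and the exit codes are assumptions made for illustration. A system with only one of the two SMSE items is reported as "partial" so the reviewer can decide how to score it.

```shell
#!/bin/sh
# Added example: classify the password-storage mode from the artefacts
# named in the check text. The optional argument is a hypothetical root
# prefix, so the logic can also be run against a copied or mounted
# filesystem tree; with no argument the live system is inspected.
#
# Prints one of: trusted | smse | partial | standard
# Exit status:   0 = trusted or smse, 1 = standard, 2 = partial

security_mode() {
    root="${1:-}"
    tcb="$root/tcb"
    userdb="$root/var/adm/userdb"
    shadow="$root/etc/shadow"

    # Trusted Mode: the /tcb directory tree exists.
    # [ -d ] follows symbolic links, like the -L flag of ls in the check.
    if [ -d "$tcb" ]; then
        echo trusted
        return 0
    fi

    # SMSE: count how many of the two items are present.
    found=0
    [ -d "$userdb" ] && found=$((found + 1))
    [ -f "$shadow" ] && found=$((found + 1))

    case "$found" in
        2) echo smse;     return 0 ;;
        1) echo partial;  return 2 ;;
        *) echo standard; return 1 ;;
    esac
}
```

Run security_mode as root with no argument on the host being assessed; a non-zero exit status marks the host for review against this finding.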
Fix Text (F-33047r2_fix)
SAM/SMH must be used to convert standard mode HP-UX to Trusted Mode (optional for SMSE).
For Trusted Mode only:
The following command may be used to “manually” convert from Standard Mode to Trusted Mode (note that its use is not vendor supported):
# tsconvert -c

For SMSE only:
The following command may be used to “manually” create the /etc/shadow file with information from the /etc/passwd file (use of this command is vendor supported).
# pwconv

Note that additional software bundles and/or patches may be required in order to completely convert a standard mode system to SMSE.