05-25-2006 04:42 AM
can be downloaded at:
05-26-2006 04:38 AM
For 11iv2 / 11.23, this bundle is called HPUXBaseOS.
2. Security patches can be obtained from
- the ITRC patch area as explained above, or
- the 'security_patch_check' command / tool
3. ShadowPassword is an optional product. You can download it for free from the HP Software Depot: http://software.hp.com
05-29-2006 02:24 AM
in the item 3, you say to me that in the Link http://software.hp.com I can dowload the shadowpassword product, ok perfect, but
reviewing the document it says that it requires HP-UX 11,11, is been worth for HP-UX 11i v2 (11.23)
05-29-2006 02:30 AM
There is no download for Shadow Passwords at HP-UX version 11.23 because it is
part of the OS.
This is documented in the HP-UX 11i Version 2 Release Notes:
"The HP-UX 11i v2 release introduces an optional, configurable Shadow Password
feature based on the de facto standard provided by other UNIX flavors,
including Sun Solaris and Linux."
Note: It was backported to 11.11, that is why there was a download for 11.11.
05-29-2006 03:07 AM
2. PAM is the authentication method for 11i and higher. Version 11.00 implemented some authentication with PAM but the conversion is complete only in 11i. /etc/security does not exist in HP-UX. The file is /etc/default/security and has almost no effect for a standard system, a few controls are active in a shadow password system, and virtually all the lines are available in a Trusted system. Use the command:
to read about this file. The man page for pam (and related pam subjects) gives information on how to integrate other modules...I have no idea if pam_cracklib will work on HP-UX. A search of the net shows a few experiments but no solid directions on how to set it up. If you use a PAM module, it will override the built-in Trusted system features for password format. SAM can configure many of your password policies both at the user level as well at the system level. The /etc/default/security and the values listed in SAM for system and users all work together.
3. Single user mode can require a password. Since single user mode is unlike a normal Unix environment, there are no users (directories like /usr and /home are unmounted) so there is only one login possible: root. As far as getting into single user mode, the commands init s and shutdown 0 do not reach single user mode. Only a complete reboot and interaction during the boot process will get to single user mode. Naturally, there is no networking during bootup and in single user mode so all of this must take place on the real console. Only root users are allowed to shutdown the machine unless you have made special provisions in /etc/shutdown.allow file.
4. As mentioned, su always logs it's activities and always creates the sulog file if it does not exist. However, su is not the tool of choice for a secure and autdited system. The sudo command (a contributed program) is much preferred.
Pls refer this patch and its fixes etc:
05-29-2006 03:10 AM
For required patch check here
Hope that helps
05-29-2006 03:13 AM
05-29-2006 03:49 AM
Shadow Passwords are intrinsically part of 11.23. It is not an add-on product. See chapter-7 of the 11.23 release notes: