Detections
Analytics
GEN000000-HPUX0020 - The system must be configured to operate in a security mode - '/etc/shadow directory exists'
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
When operating in standard mode, account passwords are stored in the /etc/passwd file, which is world readable. By operating in either Trusted Mode or Standard Mode with Security Extensions, the system security posture is enhanced thru the addition of a secure, non-world readable password container other than /etc/passwd.Solution
SAM/SMH must be used to convert standard mode HP-UX to Trusted Mode (optional for SMSE).For Trusted Mode only:
The following command may be used to 'manually' convert from Standard Mode to Trusted Mode (note that its use is not vendor supported):
# tsconvert -c
For SMSE only:
The following command may be used to 'manually' create the /etc/shadow file with information from the /etc/passwd file (use of this commend is vendor supported).
# pwconv
Note that additional software bundles and/or patches may be required in order to completely convert a standard mode system to SMSE.
See Also
https://iasecontent.disa.mil/stigs/zip/U_HPUX_11-31_V1R19_STIG.zip
Item Details
Audit Name: DISA STIG HP-UX 11.31 v1r19
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5, CAT|II, CCI|CCI-000293, CCI|CCI-000633, CSCv6|3.1, Rule-ID|SV-38681r2_rule, STIG-ID|GEN000000-HPUX0020, Vuln-ID|V-960
Plugin: Unix
Control ID: 51b155a19ae11a0de1ed3057374976c7420b1348cef714776e39ead8f2b8ac82