Manualshelf

HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2

ManualsBrandsHP ManualsSoftwareHP-UX 11i Role-based Access Control (RBAC) Software
71727374757677787980
Table 6-4 User Database Manpages
DescriptionManpage
Provides an overview of the use of the user database.userdb(4)
Describes userdbset functionality and syntax.
userdbset(1M)
Describes userdbget functionality and syntax.
userdbget(1M)
Describes userdbck functionality and syntax.
userdbck(1M)
Describes the userstat functionality and syntax.
userstat(1M)
Configuring Attributes in the User Database
In previous HP-UX systems, security attributes and password policy restrictions were set a
systemwide basis. With HP-UX SMSE, you can configure some security attributes on a per-user
basis. Attributes configured per-user override systemwide configured attributes.
To modify a user's attribute values, follow these steps:
1. Decide which users to modify and which attributes will apply to them.
For example, you want user joe to be able to log in to the system only from 8am to 5pm on
Mondays.
2. Change the attributes using the userdbset command as follows:
# userdbset -u user-name attribute-name=attribute-value
For example, to specify that user joe can log in to the system only from 8am to 5pm, enter:
# userdbset -u joe LOGIN_TIMES=Mo0800-1700
Troubleshooting the User Database
Use the following procedures to troubleshoot the user database.
Problem 1: A user's security attributes seems to be misconfigured. If you suspect that user
information is misconfigured in the user database, run the following command:
# userdbget -u username
The attributes configured for the user username are displayed. If an attribute is misconfigured,
reconfigure the attribute. Refer to “Configuring Attributes in the User Database” for instructions.
Problem 2: The user database is not functioning properly. If you need to check the user database,
run the following command:
# userdbck
The userdbck command identifies and repairs problems in the user database.
Auditing
The purpose of auditing is to selectively record events for analysis and detection of security
breaches. The audit data is recorded in log files. Thus, the auditing system acts as a deterrent
against system abuses and exposes potential security weaknesses.
HP-UX has two types of audit systems. On a trusted mode system, you enable auditing by using
SAM or audit commands. On a standard mode system, auditing is a feature of the Standard
Mode Security Extensions in HP-UX 11i Security Containment. The following sections describe
auditing on a standard mode system.
Auditing Components
The auditing feature of HP-UX 11i Security Containment contains configuration files, commands,
and manpages. These are listed in the following sections.
74 Standard Mode Security Extensions