Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Setting Up Your Trusted System
Chapter 8, page 790
To set up and maintain a Trusted System, follow these steps:
1. Establish an overall security policy appropriate to your work site.
See “Planning System Security” on page 744.
2. Inspect all existing files on your system for security risks, and
remedy them. This is important before you convert to a Trusted
System. Thereafter, examine your files regularly, or when you
suspect a security breach. See “Guidelines for Mounting and
Unmounting a File System” on page 779 for useful procedures.
3. Back up your file system for later recovery of user files. You should
also back up the /etc/passwd file to tape before the conversion.
You can use any of the backup and recovery programs provided by
HP-UX for your initial backup and recovery. Once security features
are implemented, however, use only fbackup and frecover, which
preserve and restore access control lists (ACLs). See fbackup (1M)
and frecover (1M).
4. Convert to a Trusted System. (Conversion to a Trusted System is an
easily reversible operation.)
To convert to a Trusted System, run SAM, highlight “Auditing and
Security” and activate any of the audit screens to get to the Convert
to Trusted System prompt. You may receive a confirmation
prompt. Press Y to begin the conversion process.
When you convert to a Trusted System, the conversion program:
• Creates a new, protected password database in /tcb/files/auth/.
• Moves encrypted passwords from the /etc/passwd file to the protected password database and replaces the password field in /etc/passwd with an asterisk (*).
• Forces all users to use passwords.
• Creates an audit ID number for each user.
• Turns on the audit flag for all existing users.
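
A read-only check for the two file-level changes listed above, as an added example that is not part of the HP-UX guide: it reports /etc/passwd entries whose password field is not an asterisk and confirms that /tcb/files/auth/ exists. The function names and the demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the file-level results of a Trusted System conversion.
# Function names and demo data are illustrative (constructed), not from HP-UX.

# Print one finding per passwd entry whose password field is not "*".
unconverted_accounts() {
    awk -F: '
        NF == 0   { next }                              # blank line
        NF < 7    { print "line " NR ":MALFORMED"; next }
        $2 == ""  { print $1 ":EMPTY"; next }           # no password at all
        $2 != "*" { print $1 ":HASH" }                  # hash still in file
    ' "$1"
}

# check_trusted_conversion [PASSWD_FILE] [AUTH_DIR]; 0 only if fully converted.
check_trusted_conversion() {
    passwd_file=${1:-/etc/passwd}
    auth_dir=${2:-/tcb/files/auth}
    result=0
    if [ ! -d "$auth_dir" ]; then
        echo "FAIL: protected password database $auth_dir not found"
        result=1
    fi
    findings=$(unconverted_accounts "$passwd_file")
    if [ -n "$findings" ]; then
        echo "FAIL: password field is not '*' for:"
        echo "$findings" | sed 's/^/  /'
        result=1
    fi
    if [ "$result" -eq 0 ]; then echo "OK: $passwd_file looks converted"; fi
    return "$result"
}

# Constructed sample: bob still has a hash in the file, guest has no password.
demo() {
    tmp=${TMPDIR:-/tmp}/tcbcheck.$$
    (umask 077; mkdir "$tmp" && mkdir -p "$tmp/tcb/files/auth") || return 1
    cat > "$tmp/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:101:20::/home/alice:/usr/bin/sh
bob:CONSTRUCTEDHASH:102:20::/home/bob:/usr/bin/sh
guest::103:20::/home/guest:/usr/bin/sh
EOF
    check_trusted_conversion "$tmp/passwd" "$tmp/tcb/files/auth"; rc=$?
    rm -rf "$tmp"; return "$rc"
}

case "${1:-}" in
    demo) demo ;; check) check_trusted_conversion ;;
esac
```

Saved under any file name, the script takes demo (the constructed sample) or check (the live /etc/passwd and /tcb/files/auth) as its argument; a nonzero exit status means at least one entry or the database directory does not match the converted state.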