[SunHELP] Solaris Security
Christopher Smiga
csmiga at n2bb.com
Thu Oct 10 10:13:33 CDT 2002
Matthew,
"locked" still means what it is saying. This verifies why the "root"
account needs to be heavily protected. Remember, "root" is omnipresent,
god of the system. I use encrypted passwords for my root accounts.
Anything to resist attacks. Listed is a scheme I have used before.
Example:
50mn073nT = somnolent
1 = i
2 = z
3 = e
4 = q
5 = s
6 = d
7 = L
8 = B
9 = g
0 = o
Typically the last alpha character in the string is capitalized.
This goes along with hardening the system.
Thought I'd share my ideas.
Christopher Smiga
System Engineer (Sun SCSA, SCNA)
N2 Broadband Network Operations
e-Mail: csmiga at n2bb.com
Phone: 888-671-1268 (NOC)
-----
N2 Broadband, Inc. (www.n2bb.com)
4500 River Green Parkway, Suite 110
Duluth, GA. 30096-2564
-----Original Message-----
From: Simoncini, Matthew [mailto:Matthew.Simoncini at bsci.com]
Sent: Thursday, October 10, 2002 10:54 AM
To: 'sunhelp at sunhelp.org'
Subject: [SunHELP] Solaris Security
Hello gurus,
We're in the process of tightening the security on our Solaris Servers and
while setting the "account inactivity" threshold I noticed that some
accounts have *LK* in the second field.
listen:*LK*:::::::
ppp:*LK*:::::::
lanman:*LK*:::::::
john_doe:*LK*:::::30::
Reading through the man pages for /etc/shadow, I understand that the *LK*
must be the "lock string" they refer to. I would then assume that given the
string is present, no one should be able to log into these accounts as they
are locked. My confusion starts when I can "su" to these users from root, so
then I start asking myself what does "locked" really mean.
Anyone have any ideas?
Thanks.
Matthew
_______________________________________________
SunHELP maillist - SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
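
Added example, not part of the original messages: a small shell function that reads shadow-format lines on stdin and reports, for each account, the state of the password field (field 2, where `*LK*` appears) and the inactivity field (field 7, the `30` on the john_doe entry). The first four sample lines are the entries quoted in the post; the `alice` and `bob` lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify field 2 (password) and show field 7 (inactivity, in days)
# for every shadow-format line read from stdin.
classify_shadow() {
    awk -F: '
    NF >= 2 {
        pw = $2
        if (index(pw, "*LK*") == 1) state = "locked"   # lock string in field 2
        else if (pw == "")          state = "EMPTY"    # no password set at all
        else                        state = "set"      # some other value present
        inactive = ($7 == "") ? "-" : $7               # "-" means no threshold
        printf "%s %s inactive=%s\n", $1, state, inactive
    }'
}

# Sample input: four entries from the post, then two constructed entries
# (alice with a made-up password string, bob with an empty password field).
sample_shadow() {
cat <<'EOF'
listen:*LK*:::::::
ppp:*LK*:::::::
lanman:*LK*:::::::
john_doe:*LK*:::::30::
alice:AbCdEfGhIjKlM:11970::::30::
bob::11970::::::
EOF
}

# Accounts that are not locked and have no inactivity threshold are the
# ones an audit like the one described in the post would follow up on.
unlocked_without_threshold() {
    classify_shadow | awk '$2 != "locked" && $3 == "inactive=-" { print $1 }'
}

sample_shadow | classify_shadow
```

On a live system the same function would be fed `/etc/shadow` by root, for example `classify_shadow < /etc/shadow`.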