Answers to Chapter Review Questions

     
A1:

HP-UX Trusted Systems allow HP-UX to achieve C2 classification. C2 offers Controlled Access Protection, which enforces a more finely grained discretionary access control than C1 systems. C2 also offers auditing of security-related events and resource isolation.

A2:

The default restrictions for a non-root password are:

  1. Password is at least six characters long.

  2. At least two alpha characters.

  3. At least one non-alpha character.

  4. Example = hello1

  5. To change the default password length and password content restrictions, we need to utilize the file /etc/default/security.

    1. The password length is controlled by the parameter MIN_PASSWORD_LENGTH=<number>.

    2. The ability to control the password content may require the installation of patch PHCO_27037 (or later). The password content is controlled by the parameters:

       

       1. PASSWORD_MIN_UPPER_CASE_CHARS=<number>

       2. PASSWORD_MIN_UPPER_CASE_CHARS=<number>

       3. PASSWORD_MIN_UPPER_CASE_CHARS=<number>

       4. PASSWORD_MIN_UPPER_CASE_CHARS=<number>

A3:

A=12 weeks; the user's password will expire in 12 weeks.

9=11 weeks; the user must retain his current password for the next 11 weeks.

.. = 0 weeks; the password was last changed 0 weeks since Thursday, January 1, 1970.

This means that the user will be forced to change his password the next time he logs in, as a result of the two .. characters. The user will then not be able to change his password for a subsequent 11 weeks. After 11 weeks, he will be able to change his password if he chooses. If he does not change his password, he will be forced to change his password after an additional one week (12 weeks in total).
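The decoding walked through in A3, written out as an added example that is not from the book: POSIX shell functions that turn an aging string such as A9.. into week counts and classify an account against a given week number. The function names are hypothetical, and the low-order-first reading of the last two characters and the exact boundary comparisons are assumptions noted in the comments.

```shell
#!/bin/sh
# Added example (function names are hypothetical): decode the aging suffix
# that follows the comma in an /etc/passwd password field, e.g. "A9..".

# A character's position in this 64-character alphabet is its value:
# . = 0, / = 1, 0-9 = 2-11, A-Z = 12-37, a-z = 38-63.
AGING_ALPHABET='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

# aging_value CHAR: print the numeric value of one aging character.
aging_value() {
    case "$1" in
        ?) ;;
        *) return 1 ;;                      # empty or longer than one character
    esac
    _prefix=${AGING_ALPHABET%%"$1"*}
    [ "${#_prefix}" -lt 64 ] || return 1    # character not in the alphabet
    echo "${#_prefix}"
}

# decode_aging FIELD: print "max_weeks min_weeks last_change_week".
# Assumption: the two trailing characters are low-order first, as in a64l(3C).
decode_aging() {
    _f=$1; _vals=
    [ "${#_f}" -eq 4 ] || return 1
    while [ -n "$_f" ]; do
        _rest=${_f#?}
        _v=$(aging_value "${_f%"$_rest"}") || return 1
        _vals="$_vals $_v"
        _f=$_rest
    done
    set -- $_vals
    echo "$1 $2 $(( $3 + 64 * $4 ))"
}

# aging_status FIELD NOW_WEEK: print expired, too-soon or changeable.
# NOW_WEEK is the current week number counted from January 1, 1970.
# Assumption: a change is refused while age < min and forced once age > max.
aging_status() {
    _d=$(decode_aging "$1") || return 1
    set -- $_d "$2"
    _age=$(( $4 - $3 ))
    if [ "$_age" -gt "$1" ]; then echo expired
    elif [ "$_age" -lt "$2" ]; then echo too-soon
    else echo changeable
    fi
}
```
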

A4:

Answers:

  1. Barney is not allowed to pick his own password (u_pickpw@); the system will select a password on his behalf that is not a null password (u_nullpw@), is not pronounceable (u_genpwd@), contains only random letters (u_genletters) or alpha-numeric characters (u_genchars), and is subject to triviality checks (u_restrict).

  2. Barney is allowed to log in to the system on Monday, Wednesday, and Friday between the hours of 09:00 and 13:00 (u_tod=Mo,We,Fr0900-1300).

  3. Barney is currently not allowed to log in to the system (u_lock).

  4. Barney is allowed to boot the system to single-user mode, assuming that he can supply the correct password for his account (u_bootauth).

A5:

"Buffer overflow" problems can happen in programs that require some form of user input. The problem occurs when the amount of data input is not checked. This can lead to a problem where a user supplies a carefully crafted reply that includes enough information to force the program to actually execute the information given in the response as if it were an actual program. If the original program was a SUID-to-root program, this could lead to the situation where the user forces the original program to execute a subsequent program that is effectively running as root and able to circumvent all normal UNIX security checks. "Buffer overflow" problems are also known as "crashing the stack" because the program is executing code from the user stack stored in memory. We can avoid these problems by:

  1. Ensuring that we keep up to date with all recent security bulletins from HP and CERT; these can highlight any known problems and associated patches to fix the problem.

  2. Using only programs from known, reputable sources.

  3. Ensuring that the kernel variable executable_stack is set to 0 (zero), and allowing only programs that need access to this feature to set the attribute using the chatr +es enable <program> command.



HP-UX CSE(c) Official Study Guide and Desk Reference
Year: 2006
Pages: 434
