Administrator's Guide

If you use other systems often and if you copy the .profile file from one system to
another, then adding the TMOUT variable to the .profile is more convenient. If you
typically stay on one system, then either method of locking the terminal can be used.
To configure the TMOUT variable, edit the .profile file as follows:

    # vi ~/.profile
    export TMOUT=600 # (lock after 600 seconds of inactivity)

You can change the 600 to another desired value.

2.8.3.2 Configuring the CDE Lock Manager

You can configure the CDE lock manager to lock your screen after a certain amount of
inactive time. To configure the CDE lock manager to lock the screen after 10 minutes of
inactive time, enter the following commands:

    # cp /usr/dt/config/C/sys.resources /etc/dt/config/C/sys.resources
    # vi /etc/dt/config/C/sys.resources
    dtsession*lockTimeout: 10

You can also use the Style Manager task panel to adjust the CDE lock manager. To do
this, click on the screen icon.
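
A check for both idle-lock settings above, as an added example that is not part of the original guide: it reads a .profile and a sys.resources file and reports whether TMOUT and dtsession*lockTimeout are set within a limit. The function names, the limit variables MAX_TMOUT_SECS and MAX_LOCK_MINS, and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the idle-lock settings from the two procedures above.
# Limits mirror the guide's sample values; adjust them to local policy.
MAX_TMOUT_SECS=${MAX_TMOUT_SECS:-600}
MAX_LOCK_MINS=${MAX_LOCK_MINS:-10}

# Print the last active TMOUT assignment in a profile file (nothing if absent).
# Matches "TMOUT=600" and "export TMOUT=600"; commented-out lines do not match.
tmout_value() {
    sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}TMOUT=\([0-9]\{1,\}\).*/\2/p' \
        "$1" 2>/dev/null | tail -1
}

# Print the last dtsession*lockTimeout value (minutes) in a sys.resources file.
lock_timeout_value() {
    sed -n 's/^[[:space:]]*dtsession\*lockTimeout:[[:space:]]*\([0-9]\{1,\}\).*/\1/p' \
        "$1" 2>/dev/null | tail -1
}

# Succeed only if $1 is an integer between 1 and $2. Zero is rejected because
# TMOUT=0 disables the shell timeout (assumed to hold for lockTimeout as well).
within_limit() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ] && [ "$1" -le "$2" ]
}

# Usage: audit_idle_lock PROFILE SYS_RESOURCES ; returns 1 if either check fails.
audit_idle_lock() {
    rc=0
    t=$(tmout_value "$1"); m=$(lock_timeout_value "$2")
    if within_limit "$t" "$MAX_TMOUT_SECS"; then echo "OK   $1: TMOUT=$t"
    else echo "FAIL $1: TMOUT=${t:-unset}"; rc=1; fi
    if within_limit "$m" "$MAX_LOCK_MINS"; then echo "OK   $2: lockTimeout=$m"
    else echo "FAIL $2: lockTimeout=${m:-unset}"; rc=1; fi
    return $rc
}

# Demo on constructed files (not real system files).
demo_dir=${TMPDIR:-/tmp}/idle_lock_demo.$$
mkdir -m 700 "$demo_dir" || exit 1
printf '%s\n' '# export TMOUT=60' 'export TMOUT=600 # lock after 600 seconds' > "$demo_dir/profile"
printf '%s\n' 'dtsession*lockTimeout: 10' > "$demo_dir/sys.resources"
audit_idle_lock "$demo_dir/profile" "$demo_dir/sys.resources"
rm -rf "$demo_dir"
```

A missing file or a missing setting is reported as FAIL with the value shown as unset, so the same call can be looped over every home directory.
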

2.9 Protecting Against System Access by Remote Devices

To protect against system penetration by remote access, observe the following precautions:

• Require the use of a hardware dial-back system for all interactive modems.
• Require an additional password from modem users by adding an entry for the
  modem device in /etc/dialups and, optionally, /etc/d_passwd. See
  Section 2.9.1.
• Have users renew their dial-in accounts frequently.
• Cancel system access promptly when a user is no longer an employee.
• Establish a regular audit schedule to review remote usage.
• Connect the modems and dial-back equipment to a single HP-UX system, and allow
  network services to reach the destination system from that point.
• Make exceptions to dial-back for UUCP access. Additional restrictions are possible
  through proper UUCP configuration. See uucp(1) for more information.
• Another potential exception is file transfer via kermit. See kermit(1) for more
  information.
• If a security breach with unknown factors occurs, shut down both network and
  telephone access and inform the network administrator.

To maximize security when configuring a dial-back modem system, dedicate the
dial-out mechanism to the dial-out function only. Do not configure it to accept dial-in.
Use another modem on another telephone line for your dial-in service.