Administrator's Guide

ttp1:23:respawn:/usr/sbin/getty -h tty0p1 9600
ttp2:23:respawn:/usr/sbin/uugetty -h ttypd0p2 9600
The following example uses a cron job to change the run level after normal work hours,
which disables terminals and modems. During the day, the run level is 3, and the ttp1
and ttp2 terminals can be used because their entries are defined for run levels 2 and 3.
At 8:00 a.m., Monday through Friday, the system run level is set to 3:
# crontab -e
0 8 * * 1-5 /sbin/init 3
0 17 * * * /sbin/init 4
At 5:00 p.m. every day (the 17 in the previous example means 1700 hours or 5:00
p.m.), the system run level is changed to 4. The ttp1 and ttp2 terminals cannot operate
after 5:00 p.m. because their entries are defined only for run levels 2 and 3.
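The scheme above depends on every terminal entry being limited to run levels 2 and 3. The following shell functions are an added example, not part of the original guide: they check an inittab-format file against each run level a crontab switches to. The function names and the temporary sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. inittab entry format: id:rstate:action:process

# Print the id of every getty/uugetty entry that init keeps running at a level.
ttys_enabled_at() {
    awk -F: -v lvl="$1" '
        /^[ \t]*#/ || NF < 4 { next }            # comments, malformed lines
        $3 != "respawn" { next }                 # only entries init restarts
        $4 !~ /(^|\/)(uu)?getty( |$)/ { next }   # only login listeners
        # An empty rstate field means the entry is valid at every run level.
        $2 == "" || index($2, lvl) > 0 { print $1 }
    ' "$2"
}

# For each crontab line that runs /sbin/init N, report what stays enabled at N.
audit_schedule() {
    awk '!/^[ \t]*#/ {
        for (i = 6; i < NF; i++) if ($i == "/sbin/init") print $(i + 1)
    }' "$1" |
    while read -r lvl; do
        ids=$(ttys_enabled_at "$lvl" "$2" | paste -s -d ' ' -)
        echo "run level $lvl: ${ids:-no terminals enabled}"
    done
}

# Constructed sample files holding the inittab and crontab lines shown above.
demo=${TMPDIR:-/tmp}/runlevel-demo.$$
mkdir -p "$demo"
cat > "$demo/inittab" <<'EOF'
ttp1:23:respawn:/usr/sbin/getty -h tty0p1 9600
ttp2:23:respawn:/usr/sbin/uugetty -h ttypd0p2 9600
EOF
cat > "$demo/crontab" <<'EOF'
0 8 * * 1-5 /sbin/init 3
0 17 * * * /sbin/init 4
EOF

audit_schedule "$demo/crontab" "$demo/inittab"
rm -rf "$demo"
```

Any id reported for the after-hours run level, including an entry with an empty run-level field, marks a line that stays open for login.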
2.8.2 Protecting Terminal Device Files
If an intruder gains access to an open terminal, they can redirect a command to another
terminal window. In the following example, a remove (rm) command is redirected to
/dev/tty0p0:
# echo "\r rm -r / \r\033d" > /dev/tty0p0
To prevent other users from writing messages to your terminal, use the mesg -n (or
mesg n) command. This command revokes write permission from users who do not have the
appropriate privileges. See mesg(1) and write(1) for more information.
# vi ~/.shrc
mesg n
Another way to protect the workstation or terminal is to use the xhost command. See
xhost(1) for more information. The xhost command defines the names of hosts and users
who are allowed to make connections to the workstation.
# xhost +Another.system
To allow all systems and users to access the workstation, thereby turning access control
off, use the following command:
# xhost +
2.8.3 Configuring the Screen Lock
This section discusses how to configure the screen lock using the TMOUT variable and
the CDE lock manager.
2.8.3.1 Configuring the TMOUT Variable
You can configure the TMOUT variable to automatically lock inactive terminals.