--- "Newton, Ernie" wrote:
> Greetings,
>
> Vladimir visited us last week and again raked me
> over the coals for inadequate securities. It's an
> annual occurrence.

just say no :-)

> That being said, there are things I need to do. I found
> some logons without passwords and am curious about any
> ramifications there may be if I put an account password
> there. These seem to be "system" accounts that include;
> APACHE, JAVA, HPPL89, etc.

i just went thru the same exercise (sans vladimir) looking for accounts
with no account password and 'am' users in those accounts with no
passwords.

btw...this will find the above....from inside mpex

%repeat
%>veaudit listuser @.![racct.account](cap('am') and password='')
%>veaudit foraccts @ (password='')

i found basically the same accounts that you did. rarely
used...primarily software...accounts.

after reviewing the results (because i found some unexpected things), i
distilled the output down to a list of user.account names and dropped
that into a little file.

i threw together the following little script, that uses the above file
using io-redirection:

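# number of records in the redirected input file
setvar _sp_eof1 finfo(HPSTDIN,"eof")
setvar _sp_i 0
while setvar(_sp_eof1,_sp_eof1-1) >= 0
  input _sp_rec
  setvar _sp_acct word(_sp_rec,,1)
  setvar _sp_user word(_sp_rec,,2)
  # generate a password into _sp_pw (passgen script below)
  passgen _sp_pw
  setvar _sp_cmd "altuser "+_sp_user+"."+_sp_acct
  setvar _sp_cmd _sp_cmd+";pass="+_sp_pw
  # echo only; the altuser command is not executed here
  echo !_sp_cmd
endwhile
deletevar _sp_@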

notice, i'm only echoing the altuser. the script is not actually doing
the command. it would be a relatively simple change to the script.
but i left it the way it is, so that i could do one last review of the
results. i copy-n-paste'd the output from the script....and did a
whole bunch of altusers real fast :-)

> Are there problems with putting account passwords on these
> types of accounts? Or, would it be better to put a
> user password?

i doubt it makes a difference. i chose to put on a user password....

oh....here's the passgen script.....

PARM varname, minlen=4, maxlen=8
# This script returns in the variable specified as "varname" a `random'
# name consisting of letters and numbers (cannot start with a number) at
# least "minlen" characters long and not more than "maxlen" chars.
# expression for a "random" letter:
setvar letter "chr((hpcpumsecs mod 26)+ord('A'))"
# expression for a "random" number:
setvar number "chr((hpcpumsecs mod 10)+ord('0'))"
# expression for a "random" consonant
setvar consonants "bcdfghjklmnpqrstvwxyz"
setvar consonant "str(consonants,(hpcpumsecs mod 21)+1,1)"
# expression for a "random" vowel
setvar vowels "aeiou"
setvar vowel "str(vowels,(hpcpumsecs mod 5)+1,1)"
# first character must be a letter
setvar !varname !consonant
# now fill in the rest, must have at least "minlen" chars, up to "maxlen"
setvar i 1
setvar limit min((hpcpumsecs mod !maxlen)+!minlen, !maxlen)
while setvar(i,i+1) <= limit do
  if odd(i) then
    setvar !varname !varname + !consonant
  else
    setvar !varname !varname + !vowel
  endif
endwhile

enjoy - d
=====
Donna Garverick, HP-CSA Sr. System Programmer
dgarverick -at- longs -dot- com
925-210-6631 Longs Drug Stores
Come, my friends, 'Tis not too late to seek a newer world.
Tho' much is taken, much abides; and tho'
We are not now that strength which in old days
Moved earth and heaven, that which we are, we are.
"Ulysses", A. Tennyson
>>>MY opinions, not Longs Drug Stores'<<<
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
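
Added example (not part of the original post and not the author's code): a Python sketch that counts how many distinct strings the consonant/vowel pattern of the passgen script can produce, compares that with the full "letters and numbers, cannot start with a number" rule from the script's comment, and draws characters from the OS CSPRNG instead of a CPU-time counter. All function names are hypothetical, and the single-case alphabet is an assumption.

```python
import math
import secrets
import string

CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # same 21 letters as the passgen script
VOWELS = "aeiou"                        # same 5 letters as the passgen script
ALNUM = string.ascii_uppercase + string.digits  # assumption: single case only


def pattern_keyspace(length):
    """Distinct strings the consonant/vowel pattern allows at this length."""
    n_cons = (length + 1) // 2          # positions 1, 3, 5, ... are consonants
    n_vow = length // 2                 # positions 2, 4, 6, ... are vowels
    return len(CONSONANTS) ** n_cons * len(VOWELS) ** n_vow


def alnum_keyspace(length):
    """Distinct strings when the first char is a letter and the rest are
    letters or digits (the rule stated in the passgen comment)."""
    return 26 * len(ALNUM) ** (length - 1)


def bits(keyspace):
    """Upper bound on entropy, reached only if every string is equally likely."""
    return math.log2(keyspace)


def gen_pattern(minlen=4, maxlen=8):
    """Same shape as passgen output, each character chosen by the CSPRNG."""
    length = minlen + secrets.randbelow(maxlen - minlen + 1)
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def gen_alnum(length=8):
    """Letter first, then letters or digits, at a fixed length."""
    first = secrets.choice(string.ascii_uppercase)
    rest = "".join(secrets.choice(ALNUM) for _ in range(length - 1))
    return first + rest


if __name__ == "__main__":
    for n in (4, 8):
        print(f"len {n}: pattern {pattern_keyspace(n)} "
              f"({bits(pattern_keyspace(n)):.1f} bits), "
              f"alnum {alnum_keyspace(n)} ({bits(alnum_keyspace(n)):.1f} bits)")
    print(gen_pattern(), gen_alnum())
```

At the 8-character maximum the pattern allows 121,550,625 strings (about 26.9 bits) against 26*36^7 (about 40.9 bits) for the full letter-then-alphanumeric rule.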