msgbartop
Tips and Tricks site for advanced HP-UX Engineers
msgbarbottom

28 Apr 17 Handle with care: TCP wrappers /etc/hosts.allow

Real life story.

DMZ based server dedicated to SFTP was configured with sshd rules in /etc/hosts.allow
sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : AAL@208.94.61.*:ALLOW

Should have been:

sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : ALL@208.94.61.*:ALLOW

That network was the firewall to the outside world.

The end users were inconvenienced and the firewall team wasted a lot of time reviewing rues and looking at logs.

24 Jan 14 How to reset auth retry count on hp-ux 11.31

I really published this as a self reference document so I can find it next time this happens and I forget how to fix it.

root logins fail enough time to lock the root password. You power cycle the box and boot single user mode to fix the problem.

userdbset -d -u root auth_failures