HP Server rp7400 Hardware Manual - rp7400 - Page 135

Accessing Guardian Service Processor Internal Port, usr/lib/uucp/Systems

Get HP Server rp7400 PDF manuals and user guides View all HP Server rp7400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 135 highlights

Accessing Guardian Service Processor Internal Port Accessing Guardian Service Processor Internal Port The Guardian Service Processor (GSP) internal port can be used as a "back door" to reset security options in case the GSP administrator password is forgotten, for example. It can also be used in order to upgrade the GSP firmware from an HP-UX session. The internal port needs to be configured in order to use it. NOTE Updating the Guardian Service Processor via the Internal Port is not supported on the HP e3000 server. 1. On the system, the GSP internal port should be /dev/tty1p0. 2. SAM does not configure the GSP internal port. 3. If the device file is not present, it can be created as follows: #cd/dev #mknod tty1p0 c 1 0x010000 4. Since this allows unrestricted access to the GSP and bypasses GSP security features (no user or password required). Make sure to delete this device file when you have finished using it. 5. The internal port can be accessed via terminal emulators such as cu. To use cu, you need the follow entries (the entries must be exactly as shown): /usr/lib/uucp/Systems needs the following entry: gspiport Any;5 gspiport,f900 - ''''\r\d\r\d\r ogin:-BREAKogin: uucp asswrd: uucp-BREAK-ogin: uucp asswrd: uucp The spelling looks unusual, but it needs to be exactly as shown. /usr/lib/uucp/Devices needs the following entry: gspiport tty1p0 - 9600 direct 6. when all of the configuration is done, you should be able to access the GSP internal port with the cu command: cu-1/dev/tty1p0 7. To terminate the cu session, use "~." [return] 8. Kermit can also be used to access the special device file. See the kermit web pages for details. CAUTION Securing the /dev/tty1p0 device file with root capabilities will not prevent non-root users from accessing the GSP internal port. This is due to the fact that cu and kermit carry root access and run with the sticky bit enabled. To secure the internal port from unauthorized use, be sure to remove the /dev/tty1p0 file after using it. 135

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
Accessing Guardian Service Processor Internal Port
135
Accessing Guardian Service Processor Internal Port
The Guardian Service Processor (GSP) internal port can be used as a “back door” to reset security options in
case the GSP administrator password is forgotten, for example. It can also be used in order to upgrade the
GSP firmware from an HP-UX session. The internal port needs to be configured in order to use it.
NOTE
Updating the Guardian Service Processor via the Internal Port is not supported on the HP
e3000 server.
1. On the system, the GSP internal port should be /dev/tty1p0.
2. SAM does not configure the GSP internal port.
3. If the device file is not present, it can be created as follows:
#cd/dev
#mknod tty1p0 c 1 0x010000
4. Since this allows unrestricted access to the GSP and bypasses GSP security features (no user or password
required). Make sure to delete this device file when you have finished using it.
5. The internal port can be accessed via terminal emulators such as
cu
. To use
cu
, you need the follow
entries (the entries must be exactly as shown):
/usr/lib/uucp/Systems
needs the following entry:
gspiport Any;5 gspiport,f900 - ‘‘‘‘\r\d\r\d\r ogin:-BREAK-
ogin: uucp asswrd: uucp-BREAK-ogin: uucp asswrd: uucp
The spelling looks unusual, but it needs to be exactly as shown.
/usr/lib/uucp/Devices
needs the following entry:
gspiport tty1p0 - 9600 direct
6. when all of the configuration is done, you should be able to access the GSP internal port with the
cu
command:
cu-1/dev/tty1p0
7. To terminate the
cu
session, use “~.” [return]
8.
Kermit
can also be used to access the special device file. See the
kermit
web pages for details.
CAUTION
Securing the /dev/tty1p0 device file with root capabilities will not prevent non-root users from
accessing the GSP internal port. This is due to the fact that
cu
and
kermit
carry root access and
run with the sticky bit enabled.
To secure the internal port from unauthorized use, be sure to remove the /dev/tty1p0 file after
using it.