topic Re: Hardening in Operating System - HP-UX

Hardening

nibble — Thu, 08 May 2003 02:31:11 GMT

hi guys, where could i set these defauly policies for all users:

??set the minimum length to 8 characters
??null passwords cannot be used
??password aging to 30 days
??account lifetime set to 0 dys
??password history to 5
??number of trys to enter a password before locking the account to 3
??set new accounts to be locked
??lockout duration to forever
??set auto disable of inactive accounts to 30 days
??enable last login prompt

i tried using sam, set it 1 by 1, but what if i have numerous users? i believe that there's a file (jes like linux) that should be edited to meet the requirements for default policies mentioned above.

Re: Hardening

Michael Tully — Thu, 08 May 2003 02:34:35 GMT

Once your system is trusted, you can use the /etc/default/security file

There is a man page for it, that should give all the details you require.

$ man 4 security

Re: Hardening

Steven E. Protter — Thu, 08 May 2003 02:55:13 GMT

Also once your system is trusted you can set default policies for all users.

Then you can make exceptions for root.

All in sam.

SEP

Re: Hardening

nibble — Thu, 08 May 2003 03:59:19 GMT

i have already converted it to a trusted system..but i could not find the /etc/default/security file. shall i create this file?
i tried man security but system says no manual for security

im using UX 11.00

Re: Hardening

V. V. Ravi Kumar_1 — Thu, 08 May 2003 08:23:35 GMT

hi,
eventhough the os is 11.00 u can create security file and put the entries.
PASSWORD_HISTORY_DEPTH=5
Like there are other entries.

In a trusted system u can set all those for all users at once. in sam goto auditing and security then system security policies

Regards

Re: Hardening

Michael Tully — Thu, 08 May 2003 08:28:09 GMT

There could be a sample file that you can use under /usr/newconfig

If not you'll need to create one from scratch.

Re: Hardening

Darren Prior — Thu, 08 May 2003 08:33:32 GMT

Hi,

The security file does not exist until you create it.

The man page for security isn't available at 11.00, only at 11i. Here's a link to the online man pages for 11i, check the S/Security page:

http://docs.hp.com/hpux/onlinedocs/B2355-90696/B2355-90696.html

Within SAM, you can set some of the policies you mentioned. Have a look at Auditing & Security -> System Security Policies. These values get ritten into /tcb/files/auth/system/default, however you shouldn't manually edit this file. The man page for this file is default(4) and is available on your 11.00 system.

regards,

Darren