https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234227#M734048 Excellent, I created the file and all is working. thanks to you all Fri, 18 Jul 2008 12:17:26 GMT wurzul 2008-07-18T12:17:26Z https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234223#M734044 I need to amend the global password policy on both a HP-UX 11.11 and 11.23 system. Both Systems are trusted - I need to change the following:<BR /><BR />1. Minimum password length chars<BR />2. Combination of alphabetic and numeric characters<BR />3. No old passwords<BR />4. Users required to change every x days<BR />5. Privileged users to change every x days<BR />6. Account lockout policy, account locks after x attempts<BR /><BR />I know some of these can be changed in SAM but others cannot. I’ve been having a poke around the Internet and the /etc/default/security file keeps cropping up. This file does not exist on by 11.11 system but does on my 11.23 system. <BR /><BR />If I can find / create this file on my 11.11 box and amend do I need to restart anything ?<BR /><BR />Can anybody point me in the right direction?<BR /><BR />Thanks<BR /> Tue, 15 Jul 2008 13:46:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234223#M734044 wurzul 2008-07-15T13:46:10Z https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234224#M734045 The /etc/default/security file did not exist on 11.11, you had to create it. You can just edit it manually and put what you need in it. I don't think you have to restart anything - the log in routines (if patched to include /etc/default/security) should check it automatically.<BR /><BR /><BR />Pete Tue, 15 Jul 2008 13:50:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234224#M734045 Pete Randall 2008-07-15T13:50:53Z https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234225#M734046 The security file does not exist at 11.11 -- you have to create it. I have attached an example with all the keywords mentioned in the man page for the file. NOTE: the format is quite unfriendly. Any line with a # in it, whether in column 1 or at the end of a string will skip that line without comment (no error message). Similarly, any line with a misspelled keyword will be silently ignored. That's why is is a good idea to use a template like this and modify it as needed. Tue, 15 Jul 2008 18:28:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234225#M734046 Bill Hassell 2008-07-15T18:28:00Z https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234226#M734047 Shalom,<BR /><BR />Definitely the right path but is it ever enough?<BR /><BR />Consider downloading Bstille and the special PERL5 release it needs from <A href="http://software.hp.com" target="_blank">http://software.hp.com</A> to further enhance security.<BR /><BR />SEP Tue, 15 Jul 2008 20:48:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234226#M734047 Steven E. Protter 2008-07-15T20:48:17Z https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234227#M734048 Excellent, I created the file and all is working. thanks to you all Fri, 18 Jul 2008 12:17:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/11-11-11-23-trusted-systems-amp-security/m-p/4234227#M734048 wurzul 2008-07-18T12:17:26Z