https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407468#M863735 Hello<BR /><BR />I want to know if is possible to enable c2 in HPUX 11.11 and customize it. <BR /><BR />I need to install an ISS server Sensor and I need enable audit but I don´t want any other restrictions like logging device restictions, Automatic user account expiration, forcing all passwords to conform to minimum complex requeriments, Preventing reuse of passwords, account logging restrictions, etc<BR /><BR />How can I do that Mon, 25 Oct 2004 16:28:08 GMT Alvaro Garcia_1 2004-10-25T16:28:08Z https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407468#M863735 Hello<BR /><BR />I want to know if is possible to enable c2 in HPUX 11.11 and customize it. <BR /><BR />I need to install an ISS server Sensor and I need enable audit but I don´t want any other restrictions like logging device restictions, Automatic user account expiration, forcing all passwords to conform to minimum complex requeriments, Preventing reuse of passwords, account logging restrictions, etc<BR /><BR />How can I do that Mon, 25 Oct 2004 16:28:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407468#M863735 Alvaro Garcia_1 2004-10-25T16:28:08Z https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407469#M863736 You need to convert to a trusted system. that will make your HP-UX C2-level security complaint.<BR /><BR />You can use sam to convert to trusted system or you can use /usr/lbin/tsconvert with -c option.<BR /><BR />Once the system is converted, you can enable auditing. Mon, 25 Oct 2004 16:38:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407469#M863736 Sundar_7 2004-10-25T16:38:00Z https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407470#M863737 My question is:<BR /><BR />After enable C2 How can I do to disable the new features like logging device restictions, Automatic user account expiration, forcing all passwords to conform to minimum complex requeriments, Preventing reuse of passwords, account logging restrictions, etc?<BR /><BR /> Mon, 25 Oct 2004 16:41:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407470#M863737 Alvaro Garcia_1 2004-10-25T16:41:07Z https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407471#M863738 1) Logging device restriction<BR /><BR /> Dont worry about this one. By default there is no restiction on this one. Moreover, it applies only to hard-wired terminals, not for the pseudo terminals <BR /><BR />2) Automatical user account expiration<BR /><BR /> By default there is no expiration. <BR /><BR />3) Password complexity<BR /><BR /> /sbin/passwd bypasses all the checks for the password validity. You can rename /usr/bin/password to soemthing else and link /usr/bin/passwd to /sbin/passwd. One problem is that, /sbin/passwd by default tries to change the password of root, not the user's as is the case with /usr/bin/passwd<BR /><BR />4)Account logging restrictions<BR /><BR /> There are no account logging restrictions enabled by default.<BR /><BR /> Mon, 25 Oct 2004 17:15:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407471#M863738 Sundar_7 2004-10-25T17:15:49Z https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407472#M863739 Hi,<BR /><BR />Once you enable trusting, all the accounts will be expired immediately. You will need to go into 'sam' -&gt; Auditing and Security -&gt; System Security Policies and disable/customize all the options that you need. If you disable everything, what you will have effectively will be the password files in a secured database.<BR /><BR />-Sri Mon, 25 Oct 2004 17:24:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/customized-c2/m-p/3407472#M863739 Sridhar Bhaskarla 2004-10-25T17:24:02Z