https://community.hpe.com/t5/integrity-servers/how-to-edit-default-security-file/m-p/7033381#M13587 <P>The security file (/etc/default/security) has existed for many versions of HP-UX and is very badly documented in each release. Also, mistakes in the file, setting options that don't apply to your version, or lines with # anywhere on the line are ignored without comment. The only doc for this file is the man page: security</P><P>If you don't have your system setup as a Trusted System, that will be your first task. The majority of the security options are active for Trusted Systems. To see if your system is Trusted, do this:</P><PRE># ls -ld /tcb</PRE><P>If the /tcb directory is not there, your system is not trusted.</P><P>Here is a heavily commented security file that you can use as a starting point:</P><PRE># Security file: /etc/default/security -- 11.00 and higher only # Note: the contents of the security file are only meaningful # at specific versions of HP-UX and security patches. # And at 11.23 2005, a product called # "Standard Mode Security Extensions" # was created and adds additional security features to a non-Trusted # system. So the only accurate documentation as to the working options # in the security is: man security # Comments (#) allowed only on separate line, # trailing or imbedded # signs will invalidate the line ########################################################### # NOLOGIN=1 will enable the no logins allowed policy. # This prevents *ANY* non-root user from logging in when the file # /etc/nologin # exists. This file can be anything (including null) but will # be displayed before auto-logoff. Typically, a message about # system maintenance is stored there: # # SYSTEM ABC IS DOWN FOR MAINTENENCE, BACK at 11am # # Remove the file for normal logins. NOLOGIN=1 NUMBER_OF_LOGINS_ALLOWED=0 ABORT_LOGIN_ON_MISSING_HOMEDIR=0 # Single user mode authorization (11i and non-trusted only) ########################################################### # Requires root password to get into single user mode (CAREFUL) # BOOT_AUTH=1 # Users (besides root) that can boot into single user mode # BOOT_USERS=bill,jane,joe # Password controls - Trusted Systems only ################### MIN_PASSWORD_LENGTH=6 PASSWORD_HISTORY_DEPTH=1 PASSWORD_MIN_UPPER_CASE_CHARS=0 PASSWORD_MIN_LOWER_CASE_CHARS=0 PASSWORD_MIN_DIGIT_CHARS=0 PASSWORD_MIN_SPECIAL_CHARS=0 # Non-Trusted or shadow password setup only: # defaults: MAXDAYS=-1 MINDAYS=0 WARNDAYS=0 # PASSWORD_MAXDAYS=120 # PASSWORD_MINDAYS=7 # PASSWORD_WARNDAYS=7 # Session controls ################## UMASK=022 ## SU_ROOT_GROUP=suroot ## SU_DEFAULT_PATH=/usr/bin:/usr/contrib/bin: # SU_KEEP_ENV_VARS=LD_LIBRARY_PATH,SHLIB_PATH,LD_PRELOAD</PRE> Sun, 03 Feb 2019 07:08:07 GMT Bill Hassell 2019-02-03T07:08:07Z https://community.hpe.com/t5/integrity-servers/how-to-edit-default-security-file/m-p/7032952#M13580 We have received the request to change the password policy ,like password age, password Max days, password length.<BR /><BR />What is the procedure to edit /etc/default/security. After change we need to restart any services ?.. Thu, 31 Jan 2019 03:29:32 GMT https://community.hpe.com/t5/integrity-servers/how-to-edit-default-security-file/m-p/7032952#M13580 rajesh73 2019-01-31T03:29:32Z https://community.hpe.com/t5/integrity-servers/how-to-edit-default-security-file/m-p/7033381#M13587 <P>The security file (/etc/default/security) has existed for many versions of HP-UX and is very badly documented in each release. Also, mistakes in the file, setting options that don't apply to your version, or lines with # anywhere on the line are ignored without comment. The only doc for this file is the man page: security</P><P>If you don't have your system setup as a Trusted System, that will be your first task. The majority of the security options are active for Trusted Systems. To see if your system is Trusted, do this:</P><PRE># ls -ld /tcb</PRE><P>If the /tcb directory is not there, your system is not trusted.</P><P>Here is a heavily commented security file that you can use as a starting point:</P><PRE># Security file: /etc/default/security -- 11.00 and higher only # Note: the contents of the security file are only meaningful # at specific versions of HP-UX and security patches. # And at 11.23 2005, a product called # "Standard Mode Security Extensions" # was created and adds additional security features to a non-Trusted # system. So the only accurate documentation as to the working options # in the security is: man security # Comments (#) allowed only on separate line, # trailing or imbedded # signs will invalidate the line ########################################################### # NOLOGIN=1 will enable the no logins allowed policy. # This prevents *ANY* non-root user from logging in when the file # /etc/nologin # exists. This file can be anything (including null) but will # be displayed before auto-logoff. Typically, a message about # system maintenance is stored there: # # SYSTEM ABC IS DOWN FOR MAINTENENCE, BACK at 11am # # Remove the file for normal logins. NOLOGIN=1 NUMBER_OF_LOGINS_ALLOWED=0 ABORT_LOGIN_ON_MISSING_HOMEDIR=0 # Single user mode authorization (11i and non-trusted only) ########################################################### # Requires root password to get into single user mode (CAREFUL) # BOOT_AUTH=1 # Users (besides root) that can boot into single user mode # BOOT_USERS=bill,jane,joe # Password controls - Trusted Systems only ################### MIN_PASSWORD_LENGTH=6 PASSWORD_HISTORY_DEPTH=1 PASSWORD_MIN_UPPER_CASE_CHARS=0 PASSWORD_MIN_LOWER_CASE_CHARS=0 PASSWORD_MIN_DIGIT_CHARS=0 PASSWORD_MIN_SPECIAL_CHARS=0 # Non-Trusted or shadow password setup only: # defaults: MAXDAYS=-1 MINDAYS=0 WARNDAYS=0 # PASSWORD_MAXDAYS=120 # PASSWORD_MINDAYS=7 # PASSWORD_WARNDAYS=7 # Session controls ################## UMASK=022 ## SU_ROOT_GROUP=suroot ## SU_DEFAULT_PATH=/usr/bin:/usr/contrib/bin: # SU_KEEP_ENV_VARS=LD_LIBRARY_PATH,SHLIB_PATH,LD_PRELOAD</PRE> Sun, 03 Feb 2019 07:08:07 GMT https://community.hpe.com/t5/integrity-servers/how-to-edit-default-security-file/m-p/7033381#M13587 Bill Hassell 2019-02-03T07:08:07Z