- Community Home
- >
- Servers and Operating Systems
- >
- Integrity Servers
- >
- Re: How to edit default security file
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2019 07:29 PM
01-30-2019 07:29 PM
How to edit default security file
What is the procedure to edit /etc/default/security. After change we need to restart any services ?..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2019 11:08 PM
02-02-2019 11:08 PM
Re: How to edit default security file
The security file (/etc/default/security) has existed for many versions of HP-UX and is very badly documented in each release. Also, mistakes in the file, setting options that don't apply to your version, or lines with # anywhere on the line are ignored without comment. The only doc for this file is the man page: security
If you don't have your system setup as a Trusted System, that will be your first task. The majority of the security options are active for Trusted Systems. To see if your system is Trusted, do this:
# ls -ld /tcb
If the /tcb directory is not there, your system is not trusted.
Here is a heavily commented security file that you can use as a starting point:
# Security file: /etc/default/security -- 11.00 and higher only # Note: the contents of the security file are only meaningful # at specific versions of HP-UX and security patches. # And at 11.23 2005, a product called # "Standard Mode Security Extensions" # was created and adds additional security features to a non-Trusted # system. So the only accurate documentation as to the working options # in the security is: man security # Comments (#) allowed only on separate line, # trailing or imbedded # signs will invalidate the line ########################################################### # NOLOGIN=1 will enable the no logins allowed policy. # This prevents *ANY* non-root user from logging in when the file # /etc/nologin # exists. This file can be anything (including null) but will # be displayed before auto-logoff. Typically, a message about # system maintenance is stored there: # # SYSTEM ABC IS DOWN FOR MAINTENENCE, BACK at 11am # # Remove the file for normal logins. NOLOGIN=1 NUMBER_OF_LOGINS_ALLOWED=0 ABORT_LOGIN_ON_MISSING_HOMEDIR=0 # Single user mode authorization (11i and non-trusted only) ########################################################### # Requires root password to get into single user mode (CAREFUL) # BOOT_AUTH=1 # Users (besides root) that can boot into single user mode # BOOT_USERS=bill,jane,joe # Password controls - Trusted Systems only ################### MIN_PASSWORD_LENGTH=6 PASSWORD_HISTORY_DEPTH=1 PASSWORD_MIN_UPPER_CASE_CHARS=0 PASSWORD_MIN_LOWER_CASE_CHARS=0 PASSWORD_MIN_DIGIT_CHARS=0 PASSWORD_MIN_SPECIAL_CHARS=0 # Non-Trusted or shadow password setup only: # defaults: MAXDAYS=-1 MINDAYS=0 WARNDAYS=0 # PASSWORD_MAXDAYS=120 # PASSWORD_MINDAYS=7 # PASSWORD_WARNDAYS=7 # Session controls ################## UMASK=022 ## SU_ROOT_GROUP=suroot ## SU_DEFAULT_PATH=/usr/bin:/usr/contrib/bin: # SU_KEEP_ENV_VARS=LD_LIBRARY_PATH,SHLIB_PATH,LD_PRELOAD
Bill Hassell, sysadmin