
Automate Enhanced Security settings

SOLVED
Eric van Dijken
Trusted Contributor

Automate Enhanced Security settings

How does one script changing the settings for the enhanced security options?

For instance, changing the number of unsuccessful login attempts from 5 to 3.
Watch, Think and Tinker.
4 REPLIES
Ralf Puchner
Honored Contributor
Solution

Re: Automate Enhanced Security settings

# apropos security
..
..
edauth
..
devassign
..

or have a simple look into the C2 admin guide:

t_maxtries must be changed with edauth

Help() { FirstReadManual(urgently); Go_to_it;; }
Eric van Dijken
Trusted Contributor

Re: Automate Enhanced Security settings

Was about to "sed" /etc/auth/system/default

But was sure there was a better way to do it, edauth should do the trick. Thanks.

Watch, Think and Tinker.
Ralf Puchner
Honored Contributor

Re: Automate Enhanced Security settings

Have a look at the end of the man page of edauth, which has a sample using "sed" ;-)
Help() { FirstReadManual(urgently); Go_to_it;; }
Eric van Dijken
Trusted Contributor

Re: Automate Enhanced Security settings

Using 5.1B (2650) and PK4, I have come up with the following solution:

edauth -g -dd default | sed 's/:d_pw_expire_warning#3456000:/:d_pw_expire_warning#432000:/g' | edauth -s -dd
edauth -g -dd default | sed 's/:d_accept_alternate_vouching@:/:d_accept_alternate_vouching@:d_skip_ttys_updates@:d_skip_success_login_log@:d_skip_fail_login_log@:d_null_psw_prompt#0:/g' | edauth -s -dd
edauth -g -dd default | sed 's/:u_exp#15724800:/:u_exp#2592000:/g' | edauth -s -dd
edauth -g -dd default | sed 's/:u_life#31449600:/:u_life#3024000:/g' | edauth -s -dd
edauth -g -dd default | sed 's/:u_maxtries#5:/:u_maxtries#3:/g' | edauth -s -dd

convuser -ai
rcmgr -c set SECURITY ENHANCED
/sbin/init.d/security start
/sbin/init.d/sia start

# Set the ROOT password.
usermod -p root << EOF
password01
password01
EOF

/sbin/init.d/xlogin restart

sysconfig -r vm vm_segmentation=0
sysconfig -r vfs noadd_exec_access=0

# Trim daily the Extended profile database journal
echo "# Start of entries to purge enhanced profile db logs" >> /var/spool/cron/crontabs/root
echo "0 2 * * * /usr/tcb/bin/db_checkpoint -1 -h /var/tcb/files && /usr/tcb/bin/db_archive -a -h /var/tcb/files | /usr/bin/xargs /usr/bin/rm -f" >> /var/spool/cron/crontabs/root
echo "# End of entries to purge enhanced profile db logs" >> /var/spool/cron/crontabs/root


Don't think I have forgotten anything, but this should set the Enhanced Security from a script. Hope you find it useful.
Watch, Think and Tinker.
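
Added example, not part of the thread: the sed expressions above only match when the field still holds the stock value (for example `u_maxtries#5`), so a rerun or a previously tuned system is silently left unchanged. The sketch below sets a numeric field whatever its current value is and refuses to call `edauth -s` unless the edit verified. It assumes a POSIX shell and the `:name#value:` field layout seen in the sed commands above; the function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample in the ":name#value:" layout the sed commands above match.
sample_entry() {
    cat <<'EOF'
default:\
    :d_name=default:\
    :u_maxtries#5:u_exp#15724800:\
    :d_accept_alternate_vouching@:chkent:
EOF
}

# Filter: set numeric field $1 to $2 whatever its current value is.
# Exit 2 on bad arguments, 1 if the field is absent (nothing is printed).
set_numeric_field() {
    f_name=$1; f_value=$2
    case $f_name in ''|*[!A-Za-z0-9_]*) echo "bad field name" >&2; return 2 ;; esac
    case $f_value in ''|*[!0-9]*) echo "bad value" >&2; return 2 ;; esac
    f_new=$(sed "s/:${f_name}#[0-9][0-9]*:/:${f_name}#${f_value}:/g")
    printf '%s\n' "$f_new" | grep ":${f_name}#${f_value}:" >/dev/null || {
        echo "${f_name} not found, entry left unchanged" >&2
        return 1
    }
    printf '%s\n' "$f_new"
}

# Read the default entry, edit it, and only write back if the edit verified.
apply_to_default() {
    a_new=$(edauth -g -dd default | set_numeric_field "$1" "$2") || return 1
    printf '%s\n' "$a_new" | edauth -s -dd
}

# Usage on the system itself: apply_to_default u_maxtries 3
```

Because the argument checks reject anything but a plain field name and digits, values passed in from a wrapper script cannot alter the sed expression.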