Showing results for 
Search instead for 
Did you mean: 

Enhanced Security Migration

Occasional Visitor

Enhanced Security Migration

This a question regarding the overall process of migrating to Enhanced Security. I have a few questions of how this process works, and wondered if anybody would be able to help with them.
We are running Tru64 V5.1A (rev. 1885) and to meet audit requirements we need to be able to specify password lifetimes, minimum password lengths etc. It would seem that moving to enhanced security is the logical choice here.
I notice there is a check box when using sysman to specify the security level, with the choices being ‘base’ and ‘enhanced’ (as I recall). I doubt the process is as simple as checking the enhanced box here; just what are the steps involved?
Will the process require any downtime, or can the server be patched/upgraded ‘hot’?
We are running Oracle 9i on the Tru64 server, will there be any implications as far as our database is concerned (aside from the oracle user having to have its password changed)?
Any help, words of advice from the experienced, or horror stories will be appreciated.
Ann Majeske
Honored Contributor

Re: Enhanced Security Migration

There's lots of information in the Security manual. You will have to reboot the system.
Alexey Borchev
Regular Advisor

Re: Enhanced Security Migration

1) I've run Tru64 5.1A with C2 (aka C2 scurity, aka Enhanced security) (and with NIS on top of C2) - it's just working.
2) C2 does help against audit. Try automatic password generation feature - I am happy with it. See templates feature, too.
3)It's better to swithch system to C2 though sysman menu. Apart from â enhancedâ , it will ask You more questions.
- Do not disable segment sharing (unless You really need this). it will increase memory consumption.
- Execute bit set by root only - I've set Yes.
- Executable stack - No.

It's right time to configure audit. I've enabled it, and set default role as 'server'.

You'll need to reboot.

4) All users will need to change thir passwords.

5) Oracle is Ok with C2.
Tru4.0F + Ora7 = OK
Tru5.1A + Ora8 = OK,
Tru5.1B + Ora9.2.0.5 = OK,
I don't know about exactly 5.1A+Ora9, but I balieve that's OK too.

6) If You running NIS on top of C2 - NIS clients should be with Enhanced security too.

7) No horror stories yet, sorry. :-)

If you choose to turn on audit, then turn off automated audit cleaning. It does not work properly - do it quaterly manually.

The fire follows shedule...