HPE Community
Operating System - HP-UX
1753500 Members
4230 Online
108794 Solutions
New Discussion юеВ

Re: Need to get password Attributes

 
Vidhya B
Frequent Advisor

тАО06-01-2011 07:07 PM

тАО06-01-2011 07:07 PM

Need to get password Attributes

Hi all,

Kindly help me how to get the followin following attributes through a command.
I can understand that I can view them in /etc/default/security file. But I need to find them through command.

PASSWORD_HISTORY_DEPTH
ABORT_LOGIN_ON_MISSING_HOMEDIR
MIN_PASSWORD_LENGTH
PASSWORD_MIN_UPPER_CASE_CHARS
PASSWORD_MIN_DIGIT_CHARS
PASSWORD_MIN_SPECIAL_CHARS
PASSWORD_MAXDAYS
PASSWORD_MINDAYS
PASSWORD_WARNDAYS

Thanks in Advance!!!
0 Kudos
Reply
11 REPLIES 11
Steven Schweda
Honored Contributor

тАО06-01-2011 07:31 PM

тАО06-01-2011 07:31 PM

Re: Need to get password Attributes

> [...] But I need to find them through
> command.

cat /etc/default/security

What, exactly, do you mean? What, exactly,
does "find them through command" mean to you?
What, exactly, would you like to do?

grep PASSWORD_HISTORY_DEPTH /etc/default/security

There it is. Now what?
0 Kudos
Reply
Vidhya B
Frequent Advisor

тАО06-01-2011 07:47 PM

тАО06-01-2011 07:47 PM

Re: Need to get password Attributes

Hi,

I can understand that I can grep.

I am writing a script to review hardening policies.
If I grep from that file and then compare values, it will make it length.

In order to find the umask, we will use the command umask. In the similar way if there is any specific command(s) which gives me the output for the above attributes.

For eg regarding PASSWORD_HISTORY_DEPTH, If my PASSWORD_HISTORY_DEPTH is 5, then if I am able to get a command which gives me this value directly, I will be able to assign it to a variable and compare with the actual hardening policy.
This will reduce time and length of the script.

Please help.
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО06-01-2011 08:20 PM

тАО06-01-2011 08:20 PM

Re: Need to get password Attributes

> I am writing a script [...]

Should I have known that?

> [...] assign it to a variable [...]

Should I have known that?

> I can understand that I can grep.

That's good, but you seem to need to learn
some shell script basics. For example, ``
or $() can be used to work with the output of
a command (or pipeline).

phd=` grep PASSWORD_HISTORY_DEPTH \
/etc/default/security | \
sed -e 's/.*=//' `

echo $phd

Interactively:

dyi # phd=` grep PASSWORD_HISTORY_DEPTH \
> /etc/default/security | \
> sed -e 's/.*=//' `

dyi # echo $phd
4
0 Kudos
Reply
Vidhya B
Frequent Advisor

тАО06-01-2011 09:10 PM

тАО06-01-2011 09:10 PM

Re: Need to get password Attributes

Hi,

Actually I have another issue even.

There are few entries in that file which is already commented.

So If two PASSWORD_HISTORY_DEPTH(one commented) exist in the file, then that will cause problem again.
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

тАО06-01-2011 10:57 PM

тАО06-01-2011 10:57 PM

Re: Need to get password Attributes

So further judicious use of the sed command should get rid of any comment lines (and blank lines):

SO you had:

phd=` grep PASSWORD_HISTORY_DEPTH \
/etc/default/security | \
sed -e 's/.*=//' `

echo $phd

That could become:

phd=` sed -e 's/#.*//g' -e '/^$/d' \
/etc/default/security | \
grep PASSWORD_HISTORY_DEPTH | \
sed -e 's/.*=//' `

echo $phd

You could probably make this more efficient by combining those sed calls into one, but I've left them seperate so you can get a feel for what is happening here...

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО06-02-2011 08:06 AM

тАО06-02-2011 08:06 AM

Re: Need to get password Attributes

> [...] (and blank lines):

How easy is it to find a blank line which
also has the desired keyword on it?
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

тАО06-02-2011 09:39 AM

тАО06-02-2011 09:39 AM

Re: Need to get password Attributes

>> How easy is it to find a blank line which
>> also has the desired keyword on it?

Ha! I take your point - I guess I was using it out of context - I'm in the habit of always putting those two sed constructs together as I'm ass-u-me(ing) the output will be read by a person rather than another command in a pipeline...

for example... I don't like the output of:

swlist -l fileset -a state

I much prefer to look at :

swlist -l fileset -a state | sed -e 's/#.*//g' -e '/^$/d'

So I left it in in this case cos I thought the original poster might be curious enough to deconstruct the pipeline, and it would show him a cleaner output...

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО06-02-2011 01:13 PM

тАО06-02-2011 01:13 PM

Re: Need to get password Attributes

> [...] I thought the original poster might
> be curious enough [...]

I wish, but there's not much evidence for it.
0 Kudos
Reply
Dan Bolton
Frequent Advisor

тАО06-03-2011 07:45 AM

тАО06-03-2011 07:45 AM

Re: Need to get password Attributes

Or you could reject the comment lines by using:

phd=` grep ^PASSWORD_HISTORY_DEPTH /etc/default/security ...

thus anchoring the expression to the beginning of the line. ("man 5 regexp" if you need further info).

-db

...skid in sideways, chocolate in one hand, martini in the other, totally worn out and screaming, "WOO HOO what a ride!"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.