Operating System - HP-UX
1837523 Members
3769 Online
110117 Solutions
New Discussion

11.11 / 11.23 Trusted systems & Security

 
SOLVED
Go to solution
wurzul
Frequent Advisor

11.11 / 11.23 Trusted systems & Security

I need to amend the global password policy on both a HP-UX 11.11 and 11.23 system. Both Systems are trusted - I need to change the following:

1. Minimum password length chars
2. Combination of alphabetic and numeric characters
3. No old passwords
4. Users required to change every x days
5. Privileged users to change every x days
6. Account lockout policy, account locks after x attempts

I know some of these can be changed in SAM but others cannot. I’ve been having a poke around the Internet and the /etc/default/security file keeps cropping up. This file does not exist on by 11.11 system but does on my 11.23 system.

If I can find / create this file on my 11.11 box and amend do I need to restart anything ?

Can anybody point me in the right direction?

Thanks
4 REPLIES 4
Pete Randall
Outstanding Contributor
Solution

Re: 11.11 / 11.23 Trusted systems & Security

The /etc/default/security file did not exist on 11.11, you had to create it. You can just edit it manually and put what you need in it. I don't think you have to restart anything - the log in routines (if patched to include /etc/default/security) should check it automatically.


Pete

Pete
Bill Hassell
Honored Contributor

Re: 11.11 / 11.23 Trusted systems & Security

The security file does not exist at 11.11 -- you have to create it. I have attached an example with all the keywords mentioned in the man page for the file. NOTE: the format is quite unfriendly. Any line with a # in it, whether in column 1 or at the end of a string will skip that line without comment (no error message). Similarly, any line with a misspelled keyword will be silently ignored. That's why is is a good idea to use a template like this and modify it as needed.


Bill Hassell, sysadmin
Steven E. Protter
Exalted Contributor

Re: 11.11 / 11.23 Trusted systems & Security

Shalom,

Definitely the right path but is it ever enough?

Consider downloading Bstille and the special PERL5 release it needs from http://software.hp.com to further enhance security.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
wurzul
Frequent Advisor

Re: 11.11 / 11.23 Trusted systems & Security

Excellent, I created the file and all is working. thanks to you all