HPE Community
Operating System - HP-UX
1837523 Members
3769 Online
110117 Solutions
New Discussion

11.11 / 11.23 Trusted systems & Security

 
SOLVED
Go to solution
wurzul
Frequent Advisor

‎07-15-2008 06:46 AM

‎07-15-2008 06:46 AM

11.11 / 11.23 Trusted systems & Security

I need to amend the global password policy on both a HP-UX 11.11 and 11.23 system. Both Systems are trusted - I need to change the following:

1. Minimum password length chars
2. Combination of alphabetic and numeric characters
3. No old passwords
4. Users required to change every x days
5. Privileged users to change every x days
6. Account lockout policy, account locks after x attempts

I know some of these can be changed in SAM but others cannot. I’ve been having a poke around the Internet and the /etc/default/security file keeps cropping up. This file does not exist on by 11.11 system but does on my 11.23 system.

If I can find / create this file on my 11.11 box and amend do I need to restart anything ?

Can anybody point me in the right direction?

Thanks
0 Kudos
Reply
4 REPLIES 4
Pete Randall
Outstanding Contributor

‎07-15-2008 06:50 AM

‎07-15-2008 06:50 AM

Solution

Re: 11.11 / 11.23 Trusted systems & Security

The /etc/default/security file did not exist on 11.11, you had to create it. You can just edit it manually and put what you need in it. I don't think you have to restart anything - the log in routines (if patched to include /etc/default/security) should check it automatically.


Pete

Pete
Reply
Bill Hassell
Honored Contributor

‎07-15-2008 11:28 AM

‎07-15-2008 11:28 AM

Re: 11.11 / 11.23 Trusted systems & Security

The security file does not exist at 11.11 -- you have to create it. I have attached an example with all the keywords mentioned in the man page for the file. NOTE: the format is quite unfriendly. Any line with a # in it, whether in column 1 or at the end of a string will skip that line without comment (no error message). Similarly, any line with a misspelled keyword will be silently ignored. That's why is is a good idea to use a template like this and modify it as needed.


Bill Hassell, sysadmin
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎07-15-2008 01:48 PM

‎07-15-2008 01:48 PM

Re: 11.11 / 11.23 Trusted systems & Security

Shalom,

Definitely the right path but is it ever enough?

Consider downloading Bstille and the special PERL5 release it needs from http://software.hp.com to further enhance security.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
wurzul
Frequent Advisor

‎07-18-2008 05:17 AM

‎07-18-2008 05:17 AM

Re: 11.11 / 11.23 Trusted systems & Security

Excellent, I created the file and all is working. thanks to you all
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.