HPE Community
Operating System - HP-UX
1834449 Members
7172 Online
110067 Solutions
New Discussion

Customized C2

 
Alvaro Garcia_1
Occasional Contributor

‎10-25-2004 09:28 AM

‎10-25-2004 09:28 AM

Customized C2

Hello

I want to know if is possible to enable c2 in HPUX 11.11 and customize it.

I need to install an ISS server Sensor and I need enable audit but I don´t want any other restrictions like logging device restictions, Automatic user account expiration, forcing all passwords to conform to minimum complex requeriments, Preventing reuse of passwords, account logging restrictions, etc

How can I do that
0 Kudos
Reply
4 REPLIES 4
Sundar_7
Honored Contributor

‎10-25-2004 09:38 AM

‎10-25-2004 09:38 AM

Re: Customized C2

You need to convert to a trusted system. that will make your HP-UX C2-level security complaint.

You can use sam to convert to trusted system or you can use /usr/lbin/tsconvert with -c option.

Once the system is converted, you can enable auditing.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Alvaro Garcia_1
Occasional Contributor

‎10-25-2004 09:41 AM

‎10-25-2004 09:41 AM

Re: Customized C2

My question is:

After enable C2 How can I do to disable the new features like logging device restictions, Automatic user account expiration, forcing all passwords to conform to minimum complex requeriments, Preventing reuse of passwords, account logging restrictions, etc?

0 Kudos
Reply
Sundar_7
Honored Contributor

‎10-25-2004 10:15 AM

‎10-25-2004 10:15 AM

Re: Customized C2

1) Logging device restriction

Dont worry about this one. By default there is no restiction on this one. Moreover, it applies only to hard-wired terminals, not for the pseudo terminals

2) Automatical user account expiration

By default there is no expiration.

3) Password complexity

/sbin/passwd bypasses all the checks for the password validity. You can rename /usr/bin/password to soemthing else and link /usr/bin/passwd to /sbin/passwd. One problem is that, /sbin/passwd by default tries to change the password of root, not the user's as is the case with /usr/bin/passwd

4)Account logging restrictions

There are no account logging restrictions enabled by default.

Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-25-2004 10:24 AM

‎10-25-2004 10:24 AM

Re: Customized C2

Hi,

Once you enable trusting, all the accounts will be expired immediately. You will need to go into 'sam' -> Auditing and Security -> System Security Policies and disable/customize all the options that you need. If you disable everything, what you will have effectively will be the password files in a secured database.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.