HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: /etc/default/security vs. Trusted
Operating System - HP-UX
1833513
Members
2944
Online
110061
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2006 08:33 AM
10-10-2006 08:33 AM
Hi,
I have some question regarding the options described in the
security defaults configuration file /etc/default/security
1. Do HP-UX 11.00 and 11.11 (both in trusted mode) support PASSWORD_MAXDAYS, PASSWORD_MINDAYS, PASSWORD_WARNDAYS ? I know I can set these configurations in a trusted system with modprpw/modprdef but I dont know if these variables work in these versions.
2. How these configurations(including MIN_PASSWORD_LENGTH now) work with the trusted system? If I have different configurations on the trusted directory (/tcb/*) and on the configuration file (/etc/default/security, which one takes preference? If I prefer using /etc/default/security will it keep in sync with the tcb directory?
Thanks!
I have some question regarding the options described in the
security defaults configuration file /etc/default/security
1. Do HP-UX 11.00 and 11.11 (both in trusted mode) support PASSWORD_MAXDAYS, PASSWORD_MINDAYS, PASSWORD_WARNDAYS ? I know I can set these configurations in a trusted system with modprpw/modprdef but I dont know if these variables work in these versions.
2. How these configurations(including MIN_PASSWORD_LENGTH now) work with the trusted system? If I have different configurations on the trusted directory (/tcb/*) and on the configuration file (/etc/default/security, which one takes preference? If I prefer using /etc/default/security will it keep in sync with the tcb directory?
Thanks!
Solved! Go to Solution.
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2006 08:09 AM
10-11-2006 08:09 AM
Solution
1. I believe a patch is required to enable this functionality. If I recall correctly, the trusted mode implementation supports the equivalent of MAXDAYS and MINDAYS, but WARN days was slightly different depending on shadow vs. trusted. In trusted mode, you would use commands like modprdef to set these options rather than the /etc/default/security file (and I think the values in /etc/default/security will be overridden by tcb)
2. Trusted systems use the older /tcb file structure to retain this type of information. /etc/default/security and other recent enhancements allow you to get the trusted mode functionality without having to convert to a different "mode". Setting the options in one way will not necessarily sync with the other.
Suggestion: you can set values like this in SAM/secweb (general configuration) or HP-UX Bastille (hardening wizard, task focused), and whichever tool you use should put the system into a self-consistent state. SAM will require you to convert to trusted mode to get into account security policies, which was what you had to do at 11.00 initial release. Bastille will determine based on the features you request and the OS version whether or not it needs to convert to trusted mode to get you those settings.
Hope that helps.
-Keith
2. Trusted systems use the older /tcb file structure to retain this type of information. /etc/default/security and other recent enhancements allow you to get the trusted mode functionality without having to convert to a different "mode". Setting the options in one way will not necessarily sync with the other.
Suggestion: you can set values like this in SAM/secweb (general configuration) or HP-UX Bastille (hardening wizard, task focused), and whichever tool you use should put the system into a self-consistent state. SAM will require you to convert to trusted mode to get into account security policies, which was what you had to do at 11.00 initial release. Bastille will determine based on the features you request and the OS version whether or not it needs to convert to trusted mode to get you those settings.
Hope that helps.
-Keith
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP