HPE Community
Operating System - HP-UX
1836484 Members
2405 Online
110101 Solutions
New Discussion

/etc/default/security

 
SOLVED
Go to solution
OFC_EDM
Respected Contributor

‎02-09-2006 08:42 AM

‎02-09-2006 08:42 AM

/etc/default/security

Is the use of the /etc/default/security file only for Trusted systems?

Or can I implement this file on a vanilla install of HP-UX 11.11?
The Devil is in the detail.
0 Kudos
Reply
13 REPLIES 13
James R. Ferguson
Acclaimed Contributor

‎02-09-2006 08:50 AM

‎02-09-2006 08:50 AM

Solution

Re: /etc/default/security

Hi Kevin:

You can use the 'etc/default/security' file on non-trusted systems.

Regards!

...JRF...
Reply
Steven E. Protter
Exalted Contributor

‎02-09-2006 08:53 AM

‎02-09-2006 08:53 AM

Re: /etc/default/security

Shalom Kevin

No, you can use it to set password requirements for length and complexity and a lot of other cool things that make your system more secure.

Shmuel
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven E. Protter
Exalted Contributor

‎02-09-2006 08:53 AM

‎02-09-2006 08:53 AM

Re: /etc/default/security

Shalom Kevin

No, you can use it to set password requirements for length and complexity and a lot of other cool things that make your system more secure.

Don't need to be trusted to be secure.

Shmuel
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
OFC_EDM
Respected Contributor

‎02-09-2006 08:57 AM

‎02-09-2006 08:57 AM

Re: /etc/default/security

Thanks for the replies so far.

I was reading up on the security file and am I correct that it only works for users using the RSH shell?
The Devil is in the detail.
0 Kudos
Reply
Rick Garland
Honored Contributor

‎02-09-2006 09:00 AM

‎02-09-2006 09:00 AM

Re: /etc/default/security

No - will work for users using the ksh, bsh, csh, bash, etc...

Reply
James R. Ferguson
Acclaimed Contributor

‎02-09-2006 09:03 AM

‎02-09-2006 09:03 AM

Re: /etc/default/security

Kevin:

As an aside, trusted systems are scheduled to be deprecated upon the release of 11iv3. What we now know as trusted systems features will become standard in that release.

If you are running 11.23 (11iv2), however, you can obtain these features as an add-on:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt
Regards!

...JRF...
0 Kudos
Reply
OFC_EDM
Respected Contributor

‎02-09-2006 09:05 AM

‎02-09-2006 09:05 AM

Re: /etc/default/security

I tried putting a security file in /etc/default

Made it World readable and root writable.

Put only the following parameter

NUMBER_OF_LOGINS_ALLOWED=1

Should this not allow only 1 login session per user?

I was able to login as many times as I wanted after creating the file.

Is there anything I have to do to make the /etc/default/security file "active"??
The Devil is in the detail.
0 Kudos
Reply
paolo barila
Valued Contributor

‎02-09-2006 09:33 AM

‎02-09-2006 09:33 AM

Re: /etc/default/security

# man security
share share share
0 Kudos
Reply
OFC_EDM
Respected Contributor

‎02-09-2006 09:38 AM

‎02-09-2006 09:38 AM

Re: /etc/default/security

Paolo,

Don't know which man page you're reading. But the MAN page for security on my system only mentions (summarized):

1) create a /etc/default/security file
2) Make it World readable and root Writable.
3) Put in the parameter definitions.

I've done all this and it doesn't seem to do anything. So I'm asking if there's anything else that needs to be done to implement the security file?
The Devil is in the detail.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎02-09-2006 09:53 AM

‎02-09-2006 09:53 AM

Re: /etc/default/security

Hi Kevin:

You need to see:

http://docs.hp.com/en/B2355-60127/security.4.html

Regards!

...JRF...
Reply
paolo barila
Valued Contributor

‎02-09-2006 09:56 AM

‎02-09-2006 09:56 AM

Re: /etc/default/security

Sorry, I didn't want to be unkind

if you use "ssh" maybe doesn't supports

NUMBER_OF_LOGINS_ALLOWED

try

NOLOGIN

feature

share share share
0 Kudos
Reply
paolo barila
Valued Contributor

‎02-09-2006 10:00 AM

‎02-09-2006 10:00 AM

Re: /etc/default/security

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=860549
share share share
Reply
Bill Hassell
Honored Contributor

‎02-09-2006 07:08 PM

‎02-09-2006 07:08 PM

Re: /etc/default/security

The security file has a FEW entries that work on an un-trusted system, but unfortunately, all of the options must be spelled exactly right, and your security patches must be up to date. If an option is not spelled right or there is a trailing # on the line, the line is silently ignored. Attached is sample security file with lots of comments. For a non-Trusted system, these items work OK (with security patches):

NOLOGIN=1
NUMBER_OF_LOGINS_ALLOWED=0
ABORT_LOGIN_ON_MISSING_HOMEDIR=0

You can also implement BOOT_AUTH and BOOT_USERS (but consider consequences if the root password is lost!).

The man page for security gives you the details on the settings.


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.