
Hardening

 
nibble
Super Advisor

Hardening

Hi guys, where could I set these default policies for all users:

- set the minimum length to 8 characters
- null passwords cannot be used
- password aging to 30 days
- account lifetime set to 0 days
- password history to 5
- number of tries to enter a password before locking the account to 3
- set new accounts to be locked
- lockout duration to forever
- set auto disable of inactive accounts to 30 days
- enable last login prompt

I tried using sam, setting it 1 by 1, but what if I have numerous users? I believe that there's a file (just like Linux) that should be edited to meet the requirements for the default policies mentioned above.
Michael Tully
Honored Contributor

Re: Hardening

Once your system is trusted, you can use the /etc/default/security file

There is a man page for it, that should give all the details you require.

$ man 4 security
Anyone for a Mutiny ?
Steven E. Protter
Exalted Contributor

Re: Hardening

Also once your system is trusted you can set default policies for all users.

Then you can make exceptions for root.

All in sam.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
nibble
Super Advisor

Re: Hardening

I have already converted it to a trusted system, but I could not find the /etc/default/security file. Shall I create this file?
I tried man security but the system says no manual for security.

I'm using UX 11.00
V. V. Ravi Kumar_1
Respected Contributor

Re: Hardening

Hi,
Even though the OS is 11.00 you can create the security file and put the entries in it.
PASSWORD_HISTORY_DEPTH=5
There are other entries like this.

In a trusted system you can set all those for all users at once. In sam go to Auditing and Security, then System Security Policies.

Regards

Never Say No
Michael Tully
Honored Contributor

Re: Hardening

There could be a sample file that you can use under /usr/newconfig

If not you'll need to create one from scratch.
Anyone for a Mutiny ?
Darren Prior
Honored Contributor

Re: Hardening

Hi,

The security file does not exist until you create it.

The man page for security isn't available at 11.00, only at 11i. Here's a link to the online man pages for 11i, check the S/Security page:

http://docs.hp.com/hpux/onlinedocs/B2355-90696/B2355-90696.html

Within SAM, you can set some of the policies you mentioned. Have a look at Auditing & Security -> System Security Policies. These values get written into /tcb/files/auth/system/default; however, you shouldn't manually edit this file. The man page for this file is default(4) and is available on your 11.00 system.

regards,

Darren
Calm down. It's only ones and zeros...
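
A small audit for the /etc/default/security file discussed in the replies above, as an added example that is not part of any post in the thread. It assumes the file holds NAME=VALUE lines; `MIN_PASSWORD_LENGTH` is assumed from security(4) on 11i, and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Required minimums, NAME=VALUE. PASSWORD_HISTORY_DEPTH=5 is quoted in the thread;
# MIN_PASSWORD_LENGTH is assumed from security(4) on 11i: confirm your release honours it.
POLICY="MIN_PASSWORD_LENGTH=8 PASSWORD_HISTORY_DEPTH=5"

# get_attr FILE NAME: print the last value assigned to NAME (comments and blanks ignored)
get_attr() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# audit_security_file FILE: print one finding per line, return the number of findings
audit_security_file() {
    file=$1 findings=0
    if [ ! -r "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    for rule in $POLICY; do
        name=${rule%%=*} want=${rule#*=}
        have=$(get_attr "$file" "$name")
        case $have in
            '')       echo "UNSET $name (want >= $want)"; findings=$((findings + 1)) ;;
            *[!0-9]*) echo "INVALID $name=$have"; findings=$((findings + 1)) ;;
            *)        if [ "$have" -lt "$want" ]; then
                          echo "WEAK $name=$have (want >= $want)"; findings=$((findings + 1))
                      fi ;;
        esac
    done
    return "$findings"
}

# write_sample FILE: constructed sample content, not taken from any real system
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
MIN_PASSWORD_LENGTH=6
PASSWORD_HISTORY_DEPTH=5   # value quoted in the thread
EOF
}

tmp=${TMPDIR:-/tmp}/security.sample.$$
write_sample "$tmp"
audit_security_file "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

Point `audit_security_file` at the real file once it has been created; a missing file is reported as a finding rather than passing silently.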