HPE Community
Operating System - HP-UX
1836620 Members
2017 Online
110102 Solutions
New Discussion

Hardening

 
nibble
Super Advisor

‎05-07-2003 07:31 PM

‎05-07-2003 07:31 PM

Hardening

hi guys, where could i set these defauly policies for all users:

??set the minimum length to 8 characters
??null passwords cannot be used
??password aging to 30 days
??account lifetime set to 0 dys
??password history to 5
??number of trys to enter a password before locking the account to 3
??set new accounts to be locked
??lockout duration to forever
??set auto disable of inactive accounts to 30 days
??enable last login prompt

i tried using sam, set it 1 by 1, but what if i have numerous users? i believe that there's a file (jes like linux) that should be edited to meet the requirements for default policies mentioned above.
0 Kudos
Reply
6 REPLIES 6
Michael Tully
Honored Contributor

‎05-07-2003 07:34 PM

‎05-07-2003 07:34 PM

Re: Hardening

Once your system is trusted, you can use the /etc/default/security file

There is a man page for it, that should give all the details you require.

$ man 4 security
Anyone for a Mutiny ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-07-2003 07:55 PM

‎05-07-2003 07:55 PM

Re: Hardening

Also once your system is trusted you can set default policies for all users.

Then you can make exceptions for root.

All in sam.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
nibble
Super Advisor

‎05-07-2003 08:59 PM

‎05-07-2003 08:59 PM

Re: Hardening

i have already converted it to a trusted system..but i could not find the /etc/default/security file. shall i create this file?
i tried man security but system says no manual for security

im using UX 11.00
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎05-08-2003 01:23 AM

‎05-08-2003 01:23 AM

Re: Hardening

hi,
eventhough the os is 11.00 u can create security file and put the entries.
PASSWORD_HISTORY_DEPTH=5
Like there are other entries.

In a trusted system u can set all those for all users at once. in sam goto auditing and security then system security policies

Regards

Never Say No
0 Kudos
Reply
Michael Tully
Honored Contributor

‎05-08-2003 01:28 AM

‎05-08-2003 01:28 AM

Re: Hardening

There could be a sample file that you can use under /usr/newconfig

If not you'll need to create one from scratch.
Anyone for a Mutiny ?
0 Kudos
Reply
Darren Prior
Honored Contributor

‎05-08-2003 01:33 AM

‎05-08-2003 01:33 AM

Re: Hardening

Hi,

The security file does not exist until you create it.

The man page for security isn't available at 11.00, only at 11i. Here's a link to the online man pages for 11i, check the S/Security page:

http://docs.hp.com/hpux/onlinedocs/B2355-90696/B2355-90696.html

Within SAM, you can set some of the policies you mentioned. Have a look at Auditing & Security -> System Security Policies. These values get ritten into /tcb/files/auth/system/default, however you shouldn't manually edit this file. The man page for this file is default(4) and is available on your 11.00 system.

regards,

Darren
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.