Matt Mumford
Occasional Advisor

HPUX account / password for SOX

Hey all,

As part of our SOX audit we have been asked to apply some stricter guidelines to our HPUX systems. Currently our production system is running HPUX 11.11, and there is a basic set of rules for passwords. Must be 6 characters, must have a numerical value. However, I want to add history to this, expire date, failed attempt lock out, etc. How can I do this? Should I convert the HPUX box to a trusted system? Is there a 3rd party app? What is the best way?
Pete Randall
Outstanding Contributor

Re: HPUX account / password for SOX

Matt,

You can do this with the /etc/default/security file. Have a look at "man security" - particularly the section on PASSWORD_HISTORY_DEPTH. You should note, however, that the system must be trusted.


Pete

RAC_1
Honored Contributor

Re: HPUX account / password for SOX

You won't get all these unless you convert to a trusted system. There are third-party apps for these, like PowerBroker.

Also note, when you convert to a trusted system all passwords will expire. (If you do it on the command line, then immediately after you convert to a trusted system, do /usr/lbin/modprpw -V.)
If you do this through SAM, SAM itself takes care of it.

Anil
There is no substitute to HARDWORK
Dave La Mar
Honored Contributor

Re: HPUX account / password for SOX

Matt -
We too are going through a SOX audit. As mentioned, we use a security file, as well as check for failed logins, restricting ftp to not allow replacements, executions, etc.
Of course, all of this is a real hindrance to our developers, but they would cry over the littlest security measures in any event.
Anytime one has to increase security to meet audit requirements then development pays the price.
If you are a publicly traded company, this is simply another cost of doing business.

Best of luck on your audit.

Regards,

dl
"I'm not dumb. I just have a command of thoroughly useless information."
Dwyane Everts_1
Honored Contributor

Re: HPUX account / password for SOX

Matt,

Another option to look into is LDAP integration. If you are using Active Directory (AD) in your environment, you can integrate your UX/Linux systems to authenticate against your AD environment. It offers you a "Single-Sign On"-type environment, and allows the AD environment to control passwords altogether.

Something to consider...this is what we are currently implementing as part of our SOX compliance.

Dwyane
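
The /etc/default/security approach suggested in the replies above, as an added example that is not part of the original thread: a POSIX shell check that reads such a file and reports settings missing or weaker than an audit baseline. Only PASSWORD_HISTORY_DEPTH is named in the thread; MIN_PASSWORD_LENGTH and PASSWORD_MAXDAYS are assumed from security(4) and should be confirmed with "man security" on your release, and the thresholds and sample file are constructed.

```shell
#!/bin/sh
# Added example: audit a security(4)-style file against a password baseline.

# get_param FILE NAME: print the last uncommented NAME=value setting, if any.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -1
}

# check_param FILE NAME OP LIMIT: OP is ge or le; fails if unset or out of policy.
check_param() {
    val=$(get_param "$1" "$2")
    case "$val" in
        ''|*[!0-9]*) echo "FAIL $2 is unset or not a number"; return 1 ;;
    esac
    if [ "$val" "-$3" "$4" ]; then echo "ok   $2=$val"; return 0; fi
    echo "FAIL $2=$val (policy: $3 $4)"; return 1
}

# audit_security_file FILE: returns 0 only if every baseline check passes.
# Baseline numbers are constructed; substitute the ones your auditors require.
audit_security_file() {
    rc=0
    check_param "$1" PASSWORD_HISTORY_DEPTH ge 5 || rc=1
    check_param "$1" MIN_PASSWORD_LENGTH    ge 8 || rc=1
    check_param "$1" PASSWORD_MAXDAYS       le 90 || rc=1
    return $rc
}

# write_sample FILE: constructed sample input, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
MIN_PASSWORD_LENGTH=8      # meets baseline
PASSWORD_HISTORY_DEPTH=3
#PASSWORD_MAXDAYS=90
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -n "$1" ]; then
    target=$1
else
    target=$(mktemp) && write_sample "$target"
fi
audit_security_file "$target" || echo "policy gaps found in $target"
[ -n "$1" ] || rm -f "$target"
```

Run against the sample, it flags the history depth as too shallow and the commented-out expiry as unset. Pass /etc/default/security as the first argument to check a real host.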