Patches needed for /etc/default/security
12-19-2005 01:20 AM
12-19-2005 01:23 AM
Re: Patches needed for /etc/default/security
Here you have the output of man security:
security(4) security(4)
NAME
security - security defaults configuration file
DESCRIPTION
A number of system commands and features are configured based on
certain parameters defined in the /etc/default/security configuration
file. This file must be world readable and root writable.
Each line in the file is treated either as a comment or as
configuration information for a given system command or feature.
Comments are denoted by a # at the beginning of a line. Noncomment
lines are of the form, parameter=value.
If any parameter is not defined or is commented out in this file, the
default behavior detailed below will apply.
Parameter definitions, valid values, and defaults are defined as
follows:
ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user's home
directory does not exist. This is applicable only for
non-root users.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with '/' as
the home directory if the user's home directory does
not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login
session if the user's home directory does not exist.
Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new
passwords. It is not applicable to the root user on an
untrusted system.
MIN_PASSWORD_LENGTH=N New passwords must contain at
least N characters. For untrusted systems N can be any
value from 6 to 8. For trusted systems N can be any
value from 6 to 80.
Default value: MIN_PASSWORD_LENGTH=6
NOLOGIN This parameter controls whether non-root login can be
disabled by the /etc/nologin file.
NOLOGIN=0 Ignore the /etc/nologin file and do not
exit if the /etc/nologin file exists.
Hewlett-Packard Company - 1 - HP-UX Release 11i: Oct 2002
NOLOGIN=1 Display the contents of the /etc/nologin
file and exit if the /etc/nologin file exists.
Default value: NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of simultaneous
logins allowed per user. This is applicable only for
non-root users.
NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are
allowed per user.
NUMBER_OF_LOGINS_ALLOWED=N N number of logins are
allowed per user.
Default value: NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This parameter controls the password history depth. A
new password is checked only against the number of most
recently used passwords stored in password history for
a particular user. A user is not allowed to re-use a
previously used password.
PASSWORD_HISTORY_DEPTH=N A new password is checked
against only the N most recently used passwords for a
particular user.
A configuration of password history depth of 2 prevents
users from alternating between two passwords. The
maximum password history depth supported is 10 and the
minimum password history depth supported is 1. A depth
configuration of more than 10 will be treated as 10,
and a depth configuration of less than 1 will be
treated as 1.
The password history depth configuration is on a system
basis and is supported in trusted system for users in
files repository only. This feature does not support
the users in NIS or NISPLUS repositories. Once the
feature is enabled, all the users on the system are
subject to the same check. If this parameter is not
configured, the password history check feature is
automatically disabled. When the feature is disabled,
the password history check depth is set to 1.
A password change is subject to all of the other rules
for a new password including a check with the current
password.
Default value: PASSWORD_HISTORY_DEPTH=1
PASSWORD_MIN_
Parameters of this form are used to require new
passwords to have a minimum number of characters of
particular types (upper case, lower case, digits or
special characters). This can be helpful in enforcing
site security policies about selecting passwords that
are not easy to guess.
Note: These parameters apply only if the libpam_unix
patch PHCO_24606 or later is installed.
PASSWORD_MIN_UPPER_CASE_CHARS=N Specifies that a
minimum of N upper-case characters are required in a
password when changed.
PASSWORD_MIN_LOWER_CASE_CHARS=N Specifies that a
minimum of N lower-case characters are required in a
password when changed.
PASSWORD_MIN_DIGIT_CHARS=N Specifies that a minimum
of N digit characters are required in a password when
changed.
PASSWORD_MIN_SPECIAL_CHARS=N Specifies that a minimum
of N special characters are required in a password when
changed.
Default value: The default for each of these parameters
is zero.
SU_KEEP_ENV_VARS
This parameter forces su to propagate certain 'unsafe'
environment variables to its children despite the
security risk of doing so.
Note: This parameter is supported by the su patch
PHCO_27781 or later. By default, su does not export
the environment variables LD_LIBRARY_PATH, SHLIB_PATH
or LD_PRELOAD because they could be maliciously
misused. Any combination of these can be specified in
this entry, with a comma separating the variables.
Currently no other environment variables may be
specified in this way. This may change in future HP-UX
releases as security needs require.
SU_KEEP_ENV_VARS=var1,var2,...varN
Default value: If this parameter is not defined or if
it is commented out, none of these three environment
variables will be propagated by the su command.
SU_ROOT_GROUP
This parameter defines the root group name for the su
command. Refer to su(1).
SU_ROOT_GROUP=group_name The root group name is set to
the specified symbolic group name. The su command
enforces the restriction that a non-superuser must be a
member of the specified root group to be allowed to su
to root. This does not alter password checking.
Default value: If this parameter is not defined or if
it is commented out, there is no default value. In
this case, a non superuser is allowed to be superuser
and su to root without being bound by root group
restrictions.
SU_DEFAULT_PATH
This parameter defines a new default PATH environment
value to be set when su to a non-superuser account is
done. Refer to su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to new_PATH when
the su command is invoked. The path value is not
validated. This parameter does not apply to a
superuser account, and is applicable only when the "-"
option is not used with the su command.
Default value: PATH is not changed.
AUTHOR
security was developed by HP.
FILES
/etc/default/security
SEE ALSO
init(1M), login(1), passwd(1), su(1), pam_unix(5).
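A lint for the file format and value ranges that the quoted security(4) page describes, added here as an example; it is not part of the original post or of HP-UX. The function names `audit_security`, `is_num`, `warn` and `sample_config` are hypothetical, and whether the system is trusted or untrusted is supplied by the caller.

```sh
# Added example: lint a security(4) defaults file against the rules quoted above.
# Usage: audit_security FILE [trusted|untrusted]; status 0 = clean, 1 = findings.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }
warn()   { echo "WARN $*"; rc=1; }

audit_security() {
    file=$1 mode=${2:-untrusted} rc=0
    [ -f "$file" ] || { warn "$file does not exist"; return 1; }
    # security(4): "world readable and root writable" (read as root-only write: an assumption)
    set -- $(ls -ln "$file")               # $1 = mode string, $3 = owner uid
    case $1 in -??????r*) ;; *) warn "not world readable ($1)" ;; esac
    case $1 in -????w*|-???????w*) warn "group/other writable ($1)" ;; esac
    [ "$3" = 0 ] || warn "owner uid $3 is not root"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac        # blank line or comment
        case $line in *=*) ;; *) warn "not parameter=value: $line"; continue ;; esac
        key=${line%%=*} val=${line#*=}
        case $key in
        ABORT_LOGIN_ON_MISSING_HOMEDIR|NOLOGIN)
            case $val in 0|1) ;; *) warn "$key=$val must be 0 or 1" ;; esac ;;
        MIN_PASSWORD_LENGTH)
            max=8; [ "$mode" = trusted ] && max=80
            is_num "$val" && [ "$val" -ge 6 ] && [ "$val" -le "$max" ] ||
                warn "$key=$val outside 6..$max for $mode system" ;;
        PASSWORD_HISTORY_DEPTH)
            is_num "$val" && [ "$val" -ge 1 ] && [ "$val" -le 10 ] ||
                warn "$key=$val is outside 1..10 and will be clamped" ;;
        NUMBER_OF_LOGINS_ALLOWED|PASSWORD_MIN_*_CHARS)
            is_num "$val" || warn "$key=$val is not a number" ;;
        SU_KEEP_ENV_VARS)
            warn "$key makes su propagate: $val"
            for v in $(echo "$val" | tr , ' '); do
                case $v in LD_LIBRARY_PATH|SHLIB_PATH|LD_PRELOAD) ;;
                *) warn "$key: $v is not one of the three accepted names" ;; esac
            done ;;
        SU_ROOT_GROUP|SU_DEFAULT_PATH) ;;              # free-form values
        *) warn "unknown parameter: $key" ;;
        esac
    done < "$file"
    return $rc
}
# Constructed sample input, not taken from a real system.
sample_config() { cat <<'EOF'
# site password policy
MIN_PASSWORD_LENGTH=12
PASSWORD_HISTORY_DEPTH=15
SU_KEEP_ENV_VARS=LD_PRELOAD,PATH
EOF
}
```

Run it as `audit_security /etc/default/security trusted` on a trusted system; the sample above trips the length check only in untrusted mode.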
12-19-2005 01:30 AM
Re: Patches needed for /etc/default/security
12-19-2005 01:34 AM
Re: Patches needed for /etc/default/security
I don't think it's going to work.
Hewlett-Packard Company - 1 - HP-UX Release 11i: Oct 2002
It may be an 11.11 added feature.
http://www.hp.com/products1/unix/operating/security/
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
12-19-2005 01:39 AM
Re: Patches needed for /etc/default/security
That is one of my fears. I was reading an article by Chris Wong that turned me onto that file. He stated that you would need the effective patch of PHCO_27721 for HP-UX 11.0.
http://newfdawg.com/SHP-RestShell.htm
I was hoping I could do it on this system but haven't been able to.
12-19-2005 01:47 AM
Re: Patches needed for /etc/default/security
You *can* indeed use the '/etc/default/security' mechanism on 11.0. As I recall, it wasn't documented until later.
The patch notes for PHCO_27721 note, "...an /etc/default/security file must be created if it does not already exist. This file should be world readable and root writeable."
Regards!
..JRF...
12-19-2005 01:53 AM
Solution
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=740081
Here's another reference:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=216645&admit=-682735245+1135003971758+28353475
Pete
12-19-2005 02:11 AM
Re: Patches needed for /etc/default/security
PHCO_27721 is installed.
Should have checked that.
SEP
12-19-2005 02:13 AM
Re: Patches needed for /etc/default/security
12-19-2005 02:27 AM