HPE Community
Operating System - HP-UX
1836772 Members
2335 Online
110109 Solutions
New Discussion

Re: Trusted System - any command to query the settings ?

 
SOLVED
Go to solution
S.Rider
Regular Advisor

‎07-20-2006 02:16 PM

‎07-20-2006 02:16 PM

Trusted System - any command to query the settings ?

I would like to check the
" sam - auditing & security - password format policies - User Specifies "
setting on all my systems. What's the command I can specify to display this parm ?
Ride Boldly Ride, but watch out for El Dorado's
0 Kudos
Reply
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

‎07-20-2006 02:37 PM

‎07-20-2006 02:37 PM

Re: Trusted System - any command to query the settings ?

cat /etc/default/security

That a portion of it.

Next you cat /tcb/files/auth/system/default

You will probably need to do a man prpwd to make sense of the last command. The system/default tcb entries define the settings unless overrideen by specific
settings in a particular user's tcb entry.
------------------------------------------
If this is SOX-related, some admins who will remain nameless have been known to simply cat those two files and present them as evidence w/o bothering to explain anything to the auditors --- who would then be forced to admit that they don't have a clue what they are looking at or choose to remain silent so the assumption is that they do know what they are loking at. Of course, I'm speaking completely hypothetically.
If it ain't broke, I can fix that.
Reply
Bill Hassell
Honored Contributor

‎07-20-2006 02:47 PM

‎07-20-2006 02:47 PM

Solution

Re: Trusted System - any command to query the settings ?

As Clay stated so eloquently, the data files and settings are indeed quite cryptic. So I wrote a script to decode all of this into a readable form. If you read the script, you'll see all the gyrations needed to summarize the settings.


Bill Hassell, sysadmin
Reply
Raj D.
Honored Contributor

‎07-20-2006 02:58 PM

‎07-20-2006 02:58 PM

Re: Trusted System - any command to query the settings ?

Rider,

/tcb/files/auth/system/default file will have the security policy settings .

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎07-20-2006 03:50 PM

‎07-20-2006 03:50 PM

Re: Trusted System - any command to query the settings ?

To see the systemwide policies you could use the following comand
/usr/lbin/getprdef -b -p -t

and to see the user specific you need to run

/usr/lbin/getprpw

0 Kudos
Reply
Sundar_7
Honored Contributor

‎07-21-2006 07:53 AM

‎07-21-2006 07:53 AM

Re: Trusted System - any command to query the settings ?

Jay,

/usr/lbin/getprdef -b will tell you the password format policies (like whether user is allowed to pick the password or the system generates etc).

This is global or system wide.

To get the individual user settings

/usr/lbin/getprpw -m usrpick,syspnpw,rstrpw,nullpw,syschpw,sysltpw root

Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.