Solved

unix security audit

Posted on 2011-03-08
5
501 Views
Last Modified: 2012-05-11
I need to know the Solaris / AIX / redhat file-setting that enforces:
Passwords must be at least 7 char long
Passwords must be alpah numeric.
The new password must not match any of the last 4 passwords
Account lockout after 6 attempts
Does the account auto unlock after so many minutes ?
Idle time in ssh is 15 minutes until it locks out your ssh sesson.

thank you





0
Comment
Question by:TIMFOX123
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
prerakg earned 167 total points
ID: 35072749
In solaris OS this can be found under

under /etc/default
vi passwd

MAXWEEKS=8
MINWEEKS=
PASSLENGTH=8
WARNWEEKS=6
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 333 total points
ID: 35072814
AIX:

To list values:

lssec -f /etc/security/user -s default -a minlen -a minalpha -a minother -a histsize -a loginretries

There is no auto unlock in AIX. An ssh timeout does not exist either, see below how to emulate it.

To set the default values to what you desire:

chsec -f /etc/security/user -s default -a minlen=7 -a minalpha=1 -a minother=1 -a histsize=4 -a loginretries=6

Set values for individual users with:

chuser minlen=7 minalpha=1 minother=1 histsize=4 loginretries=6 userid

Emulate a 15 minute ssh timeout with:

ClientAliveCountMax 0
ClientAliveInterval 900

in /etc/ssh/sshd_config

wmp



0
 

Author Comment

by:TIMFOX123
ID: 35072832
thx,  

still a lot of things I still need :)  
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 333 total points
ID: 35081853
For RedHat check

/etc/pam.d/system-auth

wmp
0
 

Author Closing Comment

by:TIMFOX123
ID: 35084428
thx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now