Solved

unix security audit

Posted on 2011-03-08
5
497 Views
Last Modified: 2012-05-11
I need to know the Solaris / AIX / redhat file-setting that enforces:
Passwords must be at least 7 char long
Passwords must be alpah numeric.
The new password must not match any of the last 4 passwords
Account lockout after 6 attempts
Does the account auto unlock after so many minutes ?
Idle time in ssh is 15 minutes until it locks out your ssh sesson.

thank you





0
Comment
Question by:TIMFOX123
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
prerakg earned 167 total points
ID: 35072749
In solaris OS this can be found under

under /etc/default
vi passwd

MAXWEEKS=8
MINWEEKS=
PASSLENGTH=8
WARNWEEKS=6
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 333 total points
ID: 35072814
AIX:

To list values:

lssec -f /etc/security/user -s default -a minlen -a minalpha -a minother -a histsize -a loginretries

There is no auto unlock in AIX. An ssh timeout does not exist either, see below how to emulate it.

To set the default values to what you desire:

chsec -f /etc/security/user -s default -a minlen=7 -a minalpha=1 -a minother=1 -a histsize=4 -a loginretries=6

Set values for individual users with:

chuser minlen=7 minalpha=1 minother=1 histsize=4 loginretries=6 userid

Emulate a 15 minute ssh timeout with:

ClientAliveCountMax 0
ClientAliveInterval 900

in /etc/ssh/sshd_config

wmp



0
 

Author Comment

by:TIMFOX123
ID: 35072832
thx,  

still a lot of things I still need :)  
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 333 total points
ID: 35081853
For RedHat check

/etc/pam.d/system-auth

wmp
0
 

Author Closing Comment

by:TIMFOX123
ID: 35084428
thx
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now