[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

unix security audit

Posted on 2011-03-08
5
Medium Priority
?
543 Views
Last Modified: 2012-05-11
I need to know the Solaris / AIX / redhat file-setting that enforces:
Passwords must be at least 7 char long
Passwords must be alpah numeric.
The new password must not match any of the last 4 passwords
Account lockout after 6 attempts
Does the account auto unlock after so many minutes ?
Idle time in ssh is 15 minutes until it locks out your ssh sesson.

thank you





0
Comment
Question by:TIMFOX123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
prerakg earned 668 total points
ID: 35072749
In solaris OS this can be found under

under /etc/default
vi passwd

MAXWEEKS=8
MINWEEKS=
PASSLENGTH=8
WARNWEEKS=6
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 1332 total points
ID: 35072814
AIX:

To list values:

lssec -f /etc/security/user -s default -a minlen -a minalpha -a minother -a histsize -a loginretries

There is no auto unlock in AIX. An ssh timeout does not exist either, see below how to emulate it.

To set the default values to what you desire:

chsec -f /etc/security/user -s default -a minlen=7 -a minalpha=1 -a minother=1 -a histsize=4 -a loginretries=6

Set values for individual users with:

chuser minlen=7 minalpha=1 minother=1 histsize=4 loginretries=6 userid

Emulate a 15 minute ssh timeout with:

ClientAliveCountMax 0
ClientAliveInterval 900

in /etc/ssh/sshd_config

wmp



0
 

Author Comment

by:TIMFOX123
ID: 35072832
thx,  

still a lot of things I still need :)  
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 1332 total points
ID: 35081853
For RedHat check

/etc/pam.d/system-auth

wmp
0
 

Author Closing Comment

by:TIMFOX123
ID: 35084428
thx
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses
Course of the Month14 days, 14 hours left to enroll

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question