AIX and Red Hat /etc/security files

In AIX, /etc/security/user and /etc/security/lastlog are files I use heavily to set expiration and clear failed login attempts. What are the equivalent files in Red Hat?
Asked by AIX25

jlevie commented:
Password length and life settings are in /etc/login.defs. Password tries before lockout, complexity requirements, and history can be set in /etc/pam.d/system-auth. You can include pam_tally2 to set the number of failed attempts before lockout, pam_cracklib or pam_passwdqc to require complex passwords, or add "remember=n" to prevent users from reusing passwords.
0
madunix (Fadi SODAH) commented:
As per the AIX manual:
The file '/etc/security/user' contains extended user attributes, and the file '/etc/security/lastlog' is an ASCII file that contains stanzas with the last login attributes for users.

In AIX you describe and modify user and group management in the following related files, profiles, and set or change the shell environment (/etc/security/user, /etc/security/limits, /etc/security/passwd, /etc/profile/, .profile)


A login process does the validation process:
a.      If login fails, a record is added to /etc/security/failedlogin
b.      If login is successful:
      /etc/environment
      /etc/security/environ
      /etc/security/limits
      /etc/security/user
      /etc/profile
      $HOME/.profile (or .dtprofile for CDE)

How to reset the failed login count:
# chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s pons


It covers a number of parameters, such as account_locked, admin, expires, histexpire, histsize, login, maxage, minage, rlogin, su, etc., which are related to user password ageing, account validity, and privileges.

RHEL manages these parameters differently. It keeps different files to achieve the purpose.

1. account_locked (Lock out the account; the user is unable to log in if set to True.)
To lock the account you can use the command "chage".
The chage command with the '-l' option would yield a number of parameters about users, such as:

# chage -l
Usage: chage [options] user

Options:
  -d, --lastday LAST_DAY      set last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE      set account expiration date to EXPIRE_DATE
  -h, --help                  display this help message and exit
  -I, --inactive INACTIVE      set password inactive after expiration
                        to INACTIVE
  -l, --list                  show account aging information
  -m, --mindays MIN_DAYS      set minimum number of days before password
                        change to MIN_DAYS
  -M, --maxdays MAX_DAYS      set maximim number of days before password
                        change to MAX_DAYS
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS


2. admin (if True, the user has administrative rights.)
To get this information, you need to check its 'uid, gid, sudo abilities'. The uid and gid are given by the command 'id <username>', and 'sudo -l' will give the sudo ability.


3. histexpire (Number of weeks the user can't reuse a password.)
This particular information can be checked and configured using the password policy. To set the password policy, kindly refer to the following article:


4. rlogin: this is an open-ended question; remote access could be ssh, or could be rsh or telnet. By default rsh and telnet are enabled for anyone. To check ssh ability you need to check the /etc/ssh/sshd_config file settings. The parameters of interest are the "AllowUsers or AllowGroups" options. By default everyone is allowed.

5. su
By default everyone is allowed to use the 'su' command. You can use PAM to control this.

In Red Hat Enterprise Linux, the command '#last' obtains the information of the last user logged in.

How to set password policy in Red Hat Enterprise Linux 6?
https://access.redhat.com/site/solutions/6632

Read more:
http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf
http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security_Guide/Red_Hat_Enterprise_Linux-6-Security_Guide-en-US.pdf
http://www.tecmint.com/linux-server-hardening-security-tips/
http://www.cyberciti.biz/tips/linux-security.html
http://cb.vu/unixtoolbox.xhtml
http://www.tablespace.net/quicksheet/aix-quicksheet.pdf
0
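
The settings named in the answers above can be read back from the files they live in. The script below is an added example, not part of the original thread: the function names are hypothetical, the sample files are constructed, and it assumes "remember=" sits on the pam_unix password line and the lockout threshold is the "deny=" option of pam_tally2.

```shell
# Added example (not from the thread): report the RHEL settings named in the
# answers from copies of /etc/login.defs and /etc/pam.d/system-auth.

# login_defs_value FILE KEY: value of KEY from its first uncommented line.
login_defs_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# pam_option FILE MODULE OPTION: value of the first OPTION= found on an
# uncommented line that references MODULE; prints nothing when absent.
pam_option() {
    awk -v mod="$2" -v opt="$3" '
        /^[[:space:]]*#/ { next }
        index($0, mod) {
            for (i = 1; i <= NF; i++)
                if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
        }' "$1"
}

# audit_policy LOGIN_DEFS SYSTEM_AUTH: prints one line per setting; returns 1
# when the lockout threshold or the password history is not configured.
audit_policy() {
    rc=0
    for key in PASS_MAX_DAYS PASS_MIN_DAYS PASS_MIN_LEN; do
        echo "$key=$(login_defs_value "$1" "$key")"
    done
    deny=$(pam_option "$2" pam_tally2 deny)
    remember=$(pam_option "$2" pam_unix remember)   # assumed to sit on pam_unix
    echo "pam_tally2 deny=${deny:-unset}"
    echo "pam_unix remember=${remember:-unset}"
    [ -n "$deny" ] || rc=1
    [ -n "$remember" ] || rc=1
    return "$rc"
}

# Constructed sample files, so the example runs without touching /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/login.defs" <<'EOF'
# PASS_MAX_DAYS 99999
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_MIN_LEN    8
EOF
cat > "$demo_dir/system-auth" <<'EOF'
auth        required      pam_tally2.so deny=5 unlock_time=900
password    sufficient    pam_unix.so sha512 shadow use_authtok
EOF
audit_policy "$demo_dir/login.defs" "$demo_dir/system-auth" || echo "policy gaps found"
```

On a real host, pass /etc/login.defs and /etc/pam.d/system-auth to audit_policy; the script only reads them.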
