sunhux
asked on
Create non-expiring service accounts on Nokia Checkpoint & Juniper firewalls for Tripwire reporting
Currently we create accounts on our Nokia & JunOS firewalls for Tripwire to ssh login to extract
security parameters/settings for compliance checking.
However, these accounts expire every 90 days just like all other firewall accounts & we don't want
this as it will disrupt Tripwire daily reporting.
As Nokia is FreeBSD based & JunOS is Linux based, is there any way to create/set these accounts
at Unix/Linux command prompt such that they don't expire?
My firewall colleagues said it's a Nokia/JunOS global setting & have to set all accounts to non-expire
and can't set selective accounts to non-expire: I used to support Solaris & Linux and I know it's
possible to do it in Solaris & Linux but not sure about Nokia & JunOS. Anyone can help provide
step by step instructions ?
security parameters/settings for compliance checking.
However, these accounts expire every 90 days just like all other firewall accounts & we don't want
this as it will disrupt Tripwire daily reporting.
As Nokia is FreeBSD based & JunOS is Linux based, is there any way to create/set these accounts
at Unix/Linux command prompt such that they don't expire?
My firewall colleagues said it's a Nokia/JunOS global setting & have to set all accounts to non-expire
and can't set selective accounts to non-expire: I used to support Solaris & Linux and I know it's
possible to do it in Solaris & Linux but not sure about Nokia & JunOS. Anyone can help provide
step by step instructions ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is no need to stay chanting FreeBSD
It runs FreeBSD kernel, but all 'system' has nothing to do with FreeBSD.
It runs FreeBSD kernel, but all 'system' has nothing to do with FreeBSD.
ASKER
Suppose the Juniper & Checkpoints have external authentication, say to TACACS+, will it
then be possible to have Tripwire service accounts that don't expire while user accounts expire?