Link to home
Start Free TrialLog in
Avatar of sunhux
sunhux

asked on

Create non-expiring service accounts on Nokia Checkpoint & Juniper firewalls for Tripwire reporting

Currently we create accounts on our Nokia & JunOS firewalls for Tripwire to ssh login to extract
security parameters/settings for compliance checking.

However, these accounts expire every 90 days just like all other firewall accounts & we don't want
this as it will disrupt Tripwire daily reporting.

As Nokia is FreeBSD based & JunOS is Linux based, is there any way to create/set these accounts
at Unix/Linux command prompt such that they don't expire?

My firewall colleagues said it's a Nokia/JunOS global setting & have to set all accounts to non-expire
and can't set selective accounts to non-expire:  I used to support Solaris & Linux and I know it's
possible to do it in Solaris & Linux but not sure about Nokia & JunOS.  Anyone can help provide
step by step instructions ?
SOLUTION
Avatar of gheist
gheist
Flag of Belgium image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sunhux
sunhux

ASKER

There are 3 generations of Nokia Checkpoint tt we have running different custom FreeBSD.

Suppose the Juniper & Checkpoints have external authentication, say to TACACS+, will it
then be possible to have Tripwire service accounts that don't expire while user accounts expire?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
There is no need to stay chanting FreeBSD
It runs FreeBSD kernel, but all 'system' has nothing to do with FreeBSD.