HP UX Bastille User Manual page 35

Version b.3.3

Description
HP-UX stores the encrypted password string for each user in the /etc/passwd
file. These encrypted strings are viewable by anyone with access to the /etc/
file system, typically all users. Using the encrypted string, an attacker can find
valid passwords for your system.
Actions
Convert system to trusted mode or use shadowed passwords (dependent on
OS version).
AccountSecurity.lock_account_nopasswd
Headline
Lock the local accounts with no password.
Default
Y
Description
Accounts with no passwords allow any user to execute arbitrary actions on
your server and invite attack. Passwordless accounts should always be against
policy. This item disables accounts with no password.
Actions
Lock all local accounts that do not have a password with the passwd -l
command.
AccountSecurity.mesgn
Headline
Set mesg n for all users.
Default
N
Description
The mesg n command blocks messages sent with write by revoking, for users
without appropriate privilege, write permission on the user's terminal. For
a description of mesg, see write(1). Disabling this feature prevents untrusted
users from contacting users to solicit credentials or other sensitive data.
Actions
Append the line "mesg n" to the files profile, csh.login, d.profile, and d.login
in /etc.
AccountSecurity.MIN_PASSWORD_LENGTH
Headline
Set the minimum length of new passwords.
Default
8
Description
The MIN_PASSWORD_LENGTH parameter controls the minimum length of new
passwords. This policy is not enforced for the root user on an untrusted system.
Actions
In the /etc/default/security file, set the parameter
MIN_PASSWORD_LENGTH.
AccountSecurity.NOLOGIN
Headline
Non-root users are not allowed to log in if /etc/nologin exists.
Default
N
Description
The NOLOGIN parameter controls non-root login with the /etc/nologin
file.
Actions
Sets the parameter NOLOGIN=1 in the /etc/default/security file.
AccountSecurity.NUMBER_OF_LOGINS_ALLOWED
Headline
Enter the maximum number of logins per user.
Default
1
Description
The NUMBER_OF_LOGINS_ALLOWED parameter controls the number of
simultaneous sessions allowed per user. This is applicable only for non-root
users. This limits sharing of user accounts and alerts users to a compromised
account.
Actions
Sets the parameter NUMBER_OF_LOGINS_ALLOWED in the
/etc/default/security file.
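The following read-only audit for the items on this page is an added example, not part of the HP manual or of Bastille itself. It reports accounts with no password, accounts whose encrypted string is still in the passwd file, and the three /etc/default/security parameters. Assumptions: the function names are hypothetical, "x" and "*" in the password field are treated as placeholders, the page's default of 8 is used as the length threshold, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the manual): read-only audit of the items on this page.
# Paths are arguments so the functions can be pointed at copies of the files.

# Print the value of parameter $2 in NAME=value file $1. Comment lines are
# skipped; the last assignment wins (an assumption about duplicates).
sec_param() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { n = $1; gsub(/[ \t]/, "", n) }
        n == k { v = $2; gsub(/[ \t]/, "", v); found = 1 }
        END { if (found) print v }' "$1"
}

# Accounts whose password field is empty: what passwd -l would be applied to.
empty_pw_accounts() {
    awk -F: 'NF > 1 && $2 == "" { s = s sep $1; sep = " " }
             END { if (s != "") print s }' "$1"
}

# Accounts whose password field still holds an encrypted string.
# Assumption: "x" and "*" are placeholders, not encrypted strings.
exposed_hash_accounts() {
    awk -F: 'NF > 1 && $2 != "" && $2 != "x" && $2 != "*" { s = s sep $1; sep = " " }
             END { if (s != "") print s }' "$1"
}

# Print one line per finding; $1 = passwd file, $2 = security file.
audit() {
    e=$(empty_pw_accounts "$1"); h=$(exposed_hash_accounts "$1")
    [ -n "$e" ] && echo "FAIL accounts with no password: $e"
    [ -n "$h" ] && echo "FAIL encrypted strings in passwd: $h"
    len=$(sec_param "$2" MIN_PASSWORD_LENGTH)
    [ "${len:-0}" -ge 8 ] 2>/dev/null || echo "FAIL MIN_PASSWORD_LENGTH=${len:-unset}, want >= 8"
    [ "$(sec_param "$2" NOLOGIN)" = 1 ] || echo "WARN NOLOGIN is not set to 1"
    [ -n "$(sec_param "$2" NUMBER_OF_LOGINS_ALLOWED)" ] ||
        echo "WARN NUMBER_OF_LOGINS_ALLOWED is not set"
    return 0
}

# Constructed sample files, not taken from a real system.
d=${TMPDIR:-/tmp}/bastille_audit.$$
mkdir "$d" || exit 1
printf '%s\n' 'root:x:0:3::/:/sbin/sh' 'guest::200:20::/home/guest:/usr/bin/sh' \
    'olduser:CONSTRUCTEDHASH:201:20::/home/olduser:/usr/bin/sh' > "$d/passwd"
printf '%s\n' '# constructed' 'MIN_PASSWORD_LENGTH=6' 'NUMBER_OF_LOGINS_ALLOWED=1' > "$d/security"
audit "$d/passwd" "$d/security"
rm -rf "$d"
```

On a live system, call audit with /etc/passwd and /etc/default/security; it only reads the files and changes nothing.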