HP-UX 11i Version 2 May 2005 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v2 Foundation OE LTU

151

152

153

154

155

156

157

158

159

160

Security

HP-UX Standard Mode Security Extensions

Chapter 8

160

The software is in the StdModSecExt bundle and is available at HP Software Depot at

http://software.hp.com and on Software Pack (SPK) for HP-UX 11i v2 May 2005. For

more information about SPK, see “Software Pack (Optional HP-UX 11i v2 Core

Enhancements)” on page 28.

Summary of Change

Several security features previously available only in trusted mode are now available on

standard mode systems.

In addition, several security attributes can now be configured

with a system-wide default or with a per-user value.

The following security features are now available in standard mode:

• Auditing user and system activities.

• Account locking after too many authentication failures.

• Displaying the last successful and unsuccessful login.

• Preventing the re-use of passwords in the password history.

• Preventing logins with null passwords.

• Restricting logins to specific time periods.

• Expiring inactive accounts.

The above security features have been implemented by the following HP-UX changes:

• The auditing system.

•The /etc/default/security configuration file (system-wide security defaults).

•The /etc/pam.conf configuration file and the PAM libraries.

•The libsec routines.

• The addition of a user database for per-user configuration.

Also see “HP-UX Auditing System” on page 152 and “HP-UX 11i Security Containment”

on page 150.

Impact

The HP-UX Standard Mode Security Extensions bundle can be installed on HP-UX 11i

v2 September 2004 or later.

Each of the security features is optionally configured. The HP-UX Standard Mode

Security Extensions bundle does not change systems running in trusted mode.

The following products or software are related to HP-UX Standard Mode Security

Extensions:

• The HP-UX Security Attributes Configuration product configures system-wide and

per-user values of security attributes. It includes graphical and terminal user

interfaces. This product requires the StdModSecExt bundle to be installed on the

same HP-UX system. See “HP-UX Security Attributes Configuration” on page 158

and also refer to the HP-UX Security Attributes Configuration Release Notes at

http://docs.hp.com.

1. These features are also available when using the shadow password file.