HP-UX Standard Mode Security Extensions B.11.23.02 Release Notes

The following information is for the HP-UX Standard Mode Security Extensions for HP-UX 11i

version 2 September 2004 update and later. These security features are included in the

StdModSecExt bundle which contains the TrustedMigration product.

The security features include enhancements or changes to the HP-UX auditing system, passwords,

and logins. In previous releases of HP-UX 11i v2, these features were only supported on systems

converted to trusted mode. By installing the Standard Mode Security Extensions, you can now

have these features without converting the system to trusted mode. More information is given

The following sections briefly describe the security features of HP-UX Standard Mode Security

Extensions.

• “Features and Benefits” (page 9)

• “Auditing System in Standard Mode HP-UX” (page 10)

• “Configurable System-Wide Security Defaults in /etc/default/security” (page 10)

• “User Database for Per-User Configurations” (page 11)

Features and Benefits

Several security features that were previously available only on systems running in trusted mode

are now available in standard mode without converting to trusted mode. In addition, several

• Preventing the re-use of passwords in the password history.

• Preventing logins with null passwords.

• Restricting logins to specific time periods.

• Expiring inactive accounts.

These security features are implemented by the following HP-UX changes:

• The auditing system.

• The /etc/default/security configuration file (system-wide security defaults).

• The /etc/shadow password file.

• The /etc/pam.conf configuration file and the PAM libraries.

• The libsec routines.