HP-UX Standard Mode Security Extensions Release Notes

HP-UX Servers and Workstations
HP-UX 11i v2 May 2005 update

Documentation Web Site: http://www.docs.hp.com
Manufacturing Part Number: 5991-0791
May 2005
United States
© Copyright 2005 Hewlett-Packard Development Company, L.P.

Legal Notices

The information in this document is subject to change without notice.

Warranty

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

U.S. Government License

Confidential computer software.

Publication History

The manual publication date and part number indicate its current edition. The publication date will change when a new edition is released. To ensure that you receive the new editions, you should subscribe to the appropriate product support service. See your HP sales representative for details.

First Edition May 2005, 5991-0791, HP-UX 11i v2 (B.11.

1 HP-UX Standard Mode Security Extensions Release Note

Announcement

The following information is for the HP-UX Standard Mode Security Extensions for HP-UX 11i version 2 May 2005 update. These security features are included in the StdModSecExt bundle which contains the TrustedMigration product. The security features include enhancements or changes to the HP-UX auditing system, passwords, and logins.

What’s in This Version

The following sections briefly describe the security features of HP-UX Standard Mode Security Extensions.

NOTE The Standard Mode Security Extensions bundle does not change systems running in trusted mode.

Auditing System in Standard Mode HP-UX

The purpose of the auditing system is to record security-relevant events for analysis. This information helps detect repeated attempts to breach security. Thus, the auditing system acts as a deterrent against system abuses and exposes potential security weaknesses.

Configurable System-Wide Security Defaults in /etc/default/security

System-wide defaults for security features are configured in the security defaults file, /etc/default/security, by modifying the attribute=value pairs. See Table 1-1 and Table 1-2 for a list of attributes affected by the HP-UX Standard Mode Security Extensions. Table 1-1 and Table 1-2 do not show a complete list of attributes.

Table 1-2 lists the existing security attributes that can now also be configured on a per-user basis.

Table 1-2 Revised Security Features and Attributes Now Also Available on a Per-User Basis

Existing Security Features    Attribute name
Specifies the minimum number of lower-case, upper-case, digits, or special characters required in a password when changed.

The INACTIVITY_MAXDAYS attribute defined in the /etc/default/security file controls whether to expire inactive accounts on a system-wide basis. To override the system-wide default and configure INACTIVITY_MAXDAYS on a per-user basis, use the useradd -f command or the usermod -f command. Use the userdel command to delete the per-user configuration. Refer to the useradd (1M), usermod (1M), and userdel (1M) manpages.
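
As an added example (not part of the HP release notes or HP's tooling), the following POSIX shell sketch reads the attribute=value pairs of a security defaults file and reports whether the system-wide INACTIVITY_MAXDAYS value is usable; it does not look at per-user overrides. The function names, the 90-day limit, the sample file, and the treatment of 0 or a missing attribute as "inactive accounts never expire" are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit INACTIVITY_MAXDAYS in a security defaults file.
# Assumptions (not stated in the release notes): a value of 0 or a missing
# attribute means inactive accounts are never expired, and the last
# definition in the file is the one that counts.

# get_attr FILE NAME: print the value of attribute NAME, or nothing if unset.
get_attr() {
    awk -v name="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not an attribute=value pair
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)   # tolerate stray whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == name) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# check_inactivity FILE LIMIT: print one of
#   unset | disabled | invalid:VALUE | too-long:N | ok:N
check_inactivity() {
    v=$(get_attr "$1" INACTIVITY_MAXDAYS)
    case "$v" in
        "")       echo "unset" ;;
        *[!0-9]*) echo "invalid:$v" ;;
        *)
            if [ "$v" -eq 0 ]; then echo "disabled"
            elif [ "$v" -gt "$2" ]; then echo "too-long:$v"
            else echo "ok:$v"
            fi ;;
    esac
}

# Constructed sample standing in for /etc/default/security.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real system
INACTIVITY_MAXDAYS=0
INACTIVITY_MAXDAYS=120
EOF

check_inactivity "$sample" 90   # the 90-day site limit is an assumption
```

On a real system the first argument would be /etc/default/security; confirm the meaning of each value against the security (4) manpage before acting on the result.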

Known Problems and Workarounds

There are no known problems.

Compatibility Information and Installation Requirements

This section explains the installation requirements.

Software Requirements

The system must have standard HP-UX 11i version 2 September 2004 or later core products installed on it.

• The HP-UX Security Attributes Configuration product configures system-wide and per-user values of security attributes. It includes graphical and terminal user interfaces. The HP-UX Security Attributes Configuration product requires the StdModSecExt bundle to be installed on the same HP-UX system. Refer to the HP-UX Security Attributes Configuration Release Notes at http://docs.hp.com.

Installing the HP-UX Standard Mode Security Extensions Software

The HP-UX Standard Mode Security Extensions software can be installed from Software Depot or from the Software Pack CD-ROM.

Installing from Software Depot

Follow these instructions to download the software. This installation information is also at: http://www.software.hp.com/portal/swdepot/displayInstallInfo.

NOTE The name and location of the depot above are for example only. The actual name and location may vary.

Step 8. Verify the installation using the swlist command. If the StdModSecExt bundle is installed on the system, the swlist command will report the following information.

Step 3. Install the StdModSecExt bundle from the CD using the swinstall command. Note that the autoreboot flag must be specified. The system will reboot after installation.

    # swinstall -x autoreboot=true -s /cdrom/StdModSecExt.depot \*

Step 4. Verify the installation using the swlist command.

Removing (uninstalling) the Product

To remove or uninstall the TrustedMigration product from your HP-UX 11i version 2 September 2004 (or later) system, log in as root and use the swremove command:

    # swremove TrustedMigration

The product will be removed. Use the swlist command to verify that the TrustedMigration product was removed. The swlist command will not list TrustedMigration if it was removed.

List of Available Documents

The following documentation describes the features of the HP-UX Standard Mode Security Extensions:

• HP-UX 11i Security Containment Administrator’s Guide
• HP-UX Standard Mode Security Extensions Release Notes (5991-0791)

The above HP-UX documentation is available from the Internet and Security Solutions page of the HP Technical Documentation Web Site at http://docs.hp.com/en/internet.html.

Table 1-3 New Manpages (Continued)

New Manpage       Description
userdbck (1M)     Describes the userdbck command which verifies or fixes information in the user database. Refer to userdb (4).
userdbget (1M)    Describes the userdbget command which displays information residing in the user database. Refer to userdb (4).
userdbset (1M)    Describes the userdbset command which modifies information in the user database.

Table 1-4 Revised Manpages (Continued)

Revised Manpage   Description
security (4)      Describes the security defaults configuration file, /etc/default/security, and attributes. A number of system commands and features are configured based on certain attributes defined in /etc/default/security.
shadow (4)        Describes the shadow password file, /etc/shadow.
useradd (1M)      Adds a new user login to the system.