SOLARIS 9 - Security checkList
1. Is it possible to use dictionary files to validate password changes via patch or manual configuration?
Can be done, if you upgrade to Solaris 10 and edit /etc/default/passwd (see man passwd). This is the answer I got from this forum. I appreciate it; however, I need a solution in Solaris 9 itself. In this particular scenario an upgrade is not possible.
2. Is it possible to keep a historic record of passwords so that users cannot reassign previous values, using a patch?
I know that by default, no; by using additional software, yes! Can it be done?
Can be done, if you upgrade to Solaris 10 and edit /etc/default/passwd (see man passwd).
3. Is it possible to set a password inactivity period for automatic deactivation, using a patch or manual configuration?
It is possible; we don't need any additional software for that. I guess it's etc/shadow (please let me know if I'm wrong).
Well, it should work. At least you can set how long a password is valid (see man passwd).
4. How can we set the mandatory password option? By default Solaris accepts a blank password; is there any way we can make it mandatory?
(If someone can help me with this, that would be great.)
5. How can it be configured that initial passwords are valid only for one session?
Can be done if you use something like MS AD or LDAP for your naming service; I don't think standard Solaris can do it. You can of course use the PAM framework to create a PAM module which does this, or search the net to see if someone has done it already.
Thinking of it, it might be possible in pure Solaris as well, but if it is, I haven't done it. Perhaps someone else knows.
6. Is it possible to set the retry limit for denied access, and if so, how? How can we set the block interval when the access-denied threshold is reached?
Possible, again, if you upgrade to Solaris 10. In Solaris 10 you can lock an account after X failed login attempts by editing /etc/security/policy.conf and making sure that LOCK_AFTER_RETRIES is set to "yes".
By default this feature allows the user to try to log in 4 times; after 4 bad login attempts the account is locked. The number of retries can be set in /etc/default/login.
The time can also be set in login, sort of.
The latter file can also be used to specify when to log the failed attempt to syslog. See (on Solaris 10): man login, man policy.conf
7. How can we set the administrator password policy?
If you are referring to the root account: in the same way as any other account, I'd suppose, even if you have to be more careful. The root accounts might not be used very frequently, and when you have to use them it's probably an emergency.
Please update this; I want help with Solaris 9, not 10. If someone can contribute, I would appreciate it.
Thanks,
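
An added example, not part of the original post: a check of the Solaris 10 account-lockout settings described in answer 6, reading /etc/security/policy.conf and /etc/default/login. The function names, the ROOT argument and the sample tree are hypothetical; the key name RETRIES and the value YES are assumptions taken from the Solaris 10 defaults files, and a POSIX shell (ksh or /usr/xpg4/bin/sh on Solaris) is assumed.

```shell
# Print the value of the last uncommented KEY=VALUE line in a defaults file.
get_setting() {  # usage: get_setting FILE KEY
    [ -r "$1" ] || return 0          # unreadable file: report as unset
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -1
}

# Return 0 if lockout is enabled and RETRIES is unset or numeric, 1 otherwise.
# ROOT is a prefix, so the check can run on a copied tree ("" means the live host).
audit_lockout() {  # usage: audit_lockout ROOT
    root=$1
    status=0
    lock=$(get_setting "$root/etc/security/policy.conf" LOCK_AFTER_RETRIES)
    retries=$(get_setting "$root/etc/default/login" RETRIES)
    case $lock in
        [Yy][Ee][Ss]) echo "OK   LOCK_AFTER_RETRIES=$lock" ;;
        *) echo "FAIL LOCK_AFTER_RETRIES=${lock:-unset}, accounts are never locked"
           status=1 ;;
    esac
    case $retries in
        '') echo "WARN RETRIES not set, the login default applies" ;;
        *[!0-9]*) echo "FAIL RETRIES=$retries is not a number"; status=1 ;;
        *) echo "OK   RETRIES=$retries" ;;
    esac
    return $status
}

# Constructed sample tree (not from a real host): lockout on, RETRIES commented out.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/etc/security" "$1/etc/default"
    printf '%s\n' '#LOCK_AFTER_RETRIES=NO' 'LOCK_AFTER_RETRIES=YES' \
        > "$1/etc/security/policy.conf"
    printf '%s\n' '#RETRIES=5' 'SYSLOG_FAILED_LOGINS=5' > "$1/etc/default/login"
}

# Demo run against the constructed tree; on a host, call: audit_lockout ""
demo=$(mktemp -d)
make_sample "$demo"
audit_lockout "$demo"
rm -rf "$demo"
```

Commented-out lines are ignored on purpose, since a `#KEY=value` line in these files only documents a default and does not set anything.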

