Solaris Trusted Extensions Administrator's Procedures

Procedure: How to Change Security Defaults in System Files

In Trusted Extensions, the security administrator changes or accesses default security settings on a system.

Files in the /etc/security and /etc/default directories contain security settings. On a Solaris system, superuser can edit these files. For Solaris security information, see Chapter 3, Controlling Access to Systems (Tasks), in System Administration Guide: Security Services.


Caution –

Relax system security defaults only if site security policy allows you to.


Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Use the trusted editor to edit the system file.

    For details, see How to Edit Administrative Files in Trusted Extensions.

    | File | Task | For More Information |
    |---|---|---|
    | /etc/default/login | Reduce the allowed number of password tries. | See the example under How to Monitor All Failed Login Attempts in System Administration Guide: Security Services. passwd(1) man page |
    | /etc/default/kbd | Disable keyboard shutdown. | How to Disable a System’s Abort Sequence in System Administration Guide: Security Services. Note – On hosts that are used by administrators for debugging, the default setting for KEYBOARD_ABORT allows access to the kadb kernel debugger. For more information about the debugger, see the kadb(1M) man page. |
    | /etc/security/policy.conf | Require a more powerful algorithm for user passwords. Remove a basic privilege from all users of this host. Restrict users of this host to Basic Solaris User authorizations. | policy.conf(4) man page |
    | /etc/default/passwd | Require users to change passwords frequently. Require users to create maximally different passwords. Require a longer user password. Require a password that cannot be found in your dictionary. | passwd(1) man page |
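
An added example, not part of the original Solaris procedure: a POSIX shell audit that reads the files listed above and reports which settings fall short of a policy. The function names and every threshold (RETRIES of at most 3, PASSLENGTH of at least 8, and so on) are assumptions standing in for site policy; the privilege and authorization tasks are left out because what to check there depends on the site's choice.

```shell
# Added example. Key names are Solaris settings; thresholds are assumed site policy.

# Print the value of the first uncommented KEY= line in FILE (empty if unset).
get_setting() {
    sed -n "/^$2=/{s/^$2=//p;q;}" "$1" 2>/dev/null | tr -d '[:space:]'
}

# check FILE KEY OP WANT: return 0 when the setting satisfies the policy.
# A missing or commented-out key fails, because the built-in default applies.
check() {
    val=$(get_setting "$1" "$2"); ok=1
    case "$3" in
        eq)  [ "$val" = "$4" ] && ok=0 ;;
        ne)  [ -n "$val" ] && [ "$val" != "$4" ] && ok=0 ;;
        set) [ -n "$val" ] && ok=0 ;;
        le|ge) case "$val" in ''|*[!0-9]*) ;;       # unset or not a number
                   *) [ "$val" "-$3" "$4" ] && ok=0 ;; esac ;;
    esac
    [ "$ok" -eq 0 ] && echo "PASS $1 $2=$val" ||
        echo "FAIL $1 $2=${val:-<unset>} (want $3 $4)"
    return "$ok"
}

# audit ROOT: exit status is the number of failed checks. ROOT="" audits /etc.
audit() {
    fails=0
    while read -r file key op want; do
        check "$1$file" "$key" "$op" "$want" || fails=$((fails + 1))
    done <<EOF
/etc/default/login RETRIES le 3
/etc/default/kbd KEYBOARD_ABORT eq disable
/etc/security/policy.conf CRYPT_DEFAULT ne __unix__
/etc/default/passwd MAXWEEKS le 13
/etc/default/passwd MINDIFF ge 3
/etc/default/passwd PASSLENGTH ge 8
/etc/default/passwd DICTIONLIST set nonempty
EOF
    return "$fails"
}

# Constructed sample tree (not real system files) with weak values.
demo=$(mktemp -d)
mkdir -p "$demo/etc/default" "$demo/etc/security"
printf '#RETRIES=5\n' > "$demo/etc/default/login"
printf 'KEYBOARD_ABORT=disable\n' > "$demo/etc/default/kbd"
printf 'CRYPT_DEFAULT=__unix__\n' > "$demo/etc/security/policy.conf"
printf 'MAXWEEKS=\nPASSLENGTH=6\nMINDIFF=3\n' > "$demo/etc/default/passwd"
audit "$demo" || echo "$? setting(s) do not meet the assumed policy"
rm -rf "$demo"
```

Because the script only reads the files, it can run outside the Security Administrator role; changes still go through the trusted editor as described in step 1.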