Go to main content

Securing Users and Processes in Oracle® Solaris 11.4

Exit Print View

Updated: September 2018
 
 

Security Attributes in Files and Their Corresponding SMF Properties

The SMF properties in Figure 6, Table 6, Login Security Attributes in Files and SMF can be modified when the config/etc_default_login stencil in the account-policy service is enabled.

Table 6  Login Security Attributes in Files and SMF
Variable Name
Legacy File
SMF Property
ANNOTATION
/etc/security/policy.conf
login_policy/annotation
CLEARANCE
/etc/security/policy.conf
login_policy/clearance
CONSOLE
/etc/default/login
login_policy/root_login_device
DISABLETIME
/etc/default/login
login_policy/disabletime
LOCK_AFTER_RETRIES
/etc/security/policy.conf
login_policy/lock_after_retries
PAM_POLICY
/etc/security/policy.conf
login_policy/pam_policy
PASSREQ
/etc/default/login
login_policy/password_required
RETRIES
/etc/default/login
login_policy/retries
SLEEPTIME
/etc/default/login
login_policy/sleeptime
TIMEOUT
/etc/default/login
login_policy/timeout
UNLOCK_AFTER
/etc/security/policy.conf
login_policy/auto_unlock_time

The SMF properties in Figure 7, Table 7, Password Security Attributes in Files and SMF can be modified when the config/etc_default_passwd stencil in the account-policy service is enabled.

Table 7  Password Security Attributes in Files and SMF
Variable Name
Legacy File
SMF Property
CRYPT_DEFAULT
/etc/security/policy.conf
password/crypt/default
CRYPT_ALGORITHMS_ALLOW
/etc/security/policy.conf
password/crypt/algorithms_allow
CRYPT_ALGORITHMS_DEPRECATE
/etc/security/policy.conf
password/crypt/algorithms_deprecate
DICTIONDBDIR
/etc/default/passwd
password/dictionary/db_dir
DICTIONLIST
/etc/default/passwd
password/dictionary/word_list
DICTIONMINWORDLENGTH
/etc/default/passwd
password/dictionary/min_word_length
HISTORY
/etc/default/passwd
password/history
MAXDAYS
/etc/default/passwd
password/aging_defaults/max_days
MAXREPEATS
/etc/default/passwd
password/complexity/max_repeats
MAXWEEKS
/etc/default/passwd
password/aging_defaults/max_weeks
MINALPHA
/etc/default/passwd
password/complexity/min_alpha
MINDAYS
/etc/default/passwd
password/aging_defaults/min_days
MINDIFF
/etc/default/passwd
password/complexity/min_diff
MINDIGIT
/etc/default/passwd
password/complexity/min_digit
MINLOWER
/etc/default/passwd
password/complexity/min_lower
MINNONALPHA
/etc/default/passwd
password/complexity/min_nonalpha
MINSPECIAL
/etc/default/passwd
password/complexity/min_special
MINUPPER
/etc/default/passwd
password/complexity/min_upper
MINWEEKS
/etc/default/passwd
password/aging_defaults/min_weeks
NAMECHECK
/etc/default/passwd
password/complexity/namecheck
PASSLENGTH
/etc/default/passwd
password/complexity/passlength
WARNDAYS
/etc/default/passwd
password/aging_defaults/warn_days
WARNWEEKS
/etc/default/passwd
password/aging_defaults/warn_weeks
WHITESPACE
/etc/default/passwd
password/complexity/whitespace

The SMF properties in Figure 8, Table 8, User Account Security Attributes in Files and SMF can be modified when the config/etc_security_policyconf stencil in the account-policy service is enabled.

Table 8  User Account Security Attributes in Files and SMF
Variable Name
Legacy File
SMF Property
AUTH_PROFS_GRANTED
/etc/security/policy.conf
rbac/default_auth_profiles
AUTHS_GRANTED
/etc/security/policy.conf
rbac/default_authorizations
CONSOLE_USER
/etc/security/policy.conf
rbac/console_user_profiles
PRIV_DEFAULT
/etc/security/policy.conf
rbac/default_privileges
PRIV_LIMIT
/etc/security/policy.conf
rbac/default_limit_privileges
PROFS_GRANTED
/etc/security/policy.conf
rbac/default_profiles

The SMF properties in Figure 9, Table 9, User Environment Security Attributes in Files and SMF can be modified when the config/etc_default_login stencil in the account-policy service is enabled.

Table 9  User Environment Security Attributes in Files and SMF
Variable Name
Legacy File
SMF Property
ALTSHELL
/etc/default/login
login/environment/set_shell
HZ
/etc/default/login
login/environment/hz
PATH
/etc/default/login
login/environment/path
SUPATH
/etc/default/login
login/environment/root_path
TIMEZONE
/etc/default/login
login/environment/timezone
ULIMIT
/etc/default/login
login/environment/ulimit
UMASK
/etc/default/login
login/environment/umask

The SMF properties in Figure 10, Table 10, Logging and su Security Attributes in Files and SMF can be modified when the config/etc_default_login and config/etc_default_su stencils in the account-policy service is enabled.

Table 10  Logging and su Security Attributes in Files and SMF
Variable Name
Legacy File
SMF Property
SYSLOG
/etc/default/login
login/log/syslog
SYSLOG_FAILED_LOGINS
/etc/default/login
login/log/syslog_failed_attempts
CONSOLE
/etc/default/su
su/log/device
PATH
/etc/default/su
su/environment/path
SULOG
/etc/default/su
su/log/logfile
SUPATH
/etc/default/su
su/environment/path
SYSLOG
/etc/default/su
su/log/syslog