Before You Begin
You must be assigned the Compliance Assessor rights profile to create a tailoring that can be added to the assessment store. For more information, see Rights to Run the compliance Command and Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
$ compliance tailor -t tailoring *** compliance tailor: Can't get existing tailor "tailoring", initializing tailoring:tailoring> set benchmark=benchmark
tailoring:tailoring> values OSCV-nnnnn (summary): value OSCV-nnnnn (summary): value ... #
tailoring:tailoring> include OSC-nnnnn tailoring:tailoring> value OSCV-nnnnn=value
tailoring:tailoring> commit tailoring:tailoring> exit # compliance assess -t tailoring Assessment will be named 'tailoring.date' Title Rule title Rule OSC-nnnnn Result pass
Change the default password length according to site requirements.
Change the PASSLENGTH value in the /etc/default/passwd file.
## /etc/default/passwd file ##PASSLENGTH=8 PASSLENGTH=13
Create a tailoring from the solaris benchmark.
$ pfexec compliance tailor -t passwdLength13Test *** compliance tailor: Can't get existing tailor "passwdLength13Test", initializing tailoring:passwdLength13Test> set benchmark=solaris
Display the rules in the solaris benchmark that contain variables and their possible values.
tailoring:passwdLength13Test> values -v OSCV-19500 (gdm service): _disabled_ /disabled|enabled/ OSCV-37500 (NFS client service): _disabled_ /disabled|enabled/ OSCV-46000 (Minimum Password Length): 6 <= _8_ <= 255 /6|8|14/ OSCV-47000 (Minimum Password Character Difference): 1 <= _3_ /3/ OSCV-48000 (Minimum Password Lower-Case Character Count): 0 <= _0_ /0|1/ OSCV-49000 (Minimum Password Special Character Count): 0 <= _0_ /0|1/
The output shows that the minimum password length that rule OSC-46000 can check for is 6 and the maximum is 255. The current value is 8.
Set the rule to check for a minimum password length of 13.
tailoring:passwdLength13Test> include OSC-46000 tailoring:passwdLength13Test> value OSCV-46000=13 tailoring:passwdLength13Test> commit tailoring:passwdLength13Test> exit $
Test the tailoring.
$ compliance assess -t passwdLength13Test Assessment will be named 'passwdLength13Test.2015-10-10,10:10' Title Passwords must be at least 13 characters long Rule OSC-46000 Result pass