How to Change Security Defaults in System Files
Files in the /etc/security and /etc/default directories contain security values. For more information, see Chapter 3, Controlling Access to Systems in Securing Systems and Attached Devices in Oracle Solaris 11.3.
 | Caution - Relax system security defaults only if site security policy allows you to. |
Before You Begin
You are in the global zone and are assigned the solaris.admin.edit/filename authorization. By default, the root role has this authorization.
- Edit the system file.
The following table lists the security files and which security values you might change in the files. The first two files are unique to Trusted Extensions.
FileTaskFor More Informationsel_config in /usr/share/gnome/Specifies how system behaves when information is moved to a different label.sel_config(4) man pageTrustedExtensionsPolicy in /usr/lib/xorg/Modify SUN_TSOL security policy enforcement of label separation in the X server.TrustedExtensionsPolicy(4) man page/etc/default/loginReduce the allowed number of password tries.passwd(1) man page/etc/default/kbdDisable keyboard shutdown.Note - On hosts that are used by administrators for debugging, the default setting for KEYBOARD_ABORT allows access to the kadb kernel debugger.
kadb(1M) man page/etc/security/policy.confRequire a more powerful algorithm for user passwords.Remove a basic privilege from all users of this host.Restrict users of this host to Basic Solaris User authorizations.policy.conf(4) man page/etc/default/passwdRequire users to change passwords frequently.Require users to create maximally different passwords.Require a longer user password.Require a password that cannot be found in your dictionary.passwd(1) man page