I am unable to enforce password complexity policy for the root user (other users are working) on RHEL 6.2. Is anything wrong with the system-auth parameters? Please help.
Last edited by Don Cragun; 10-12-2015 at 01:57 PM..
Reason: Add CODE tags.
Hello All,
I have several Solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Hi Solaris experts,
I need to change a user password on 2 Solaris 10 servers.
With the same password, I can change it on only one.
I tried to check everything but found no difference.
password pattern: abcdeFgh9Jk
server1 checks all characters but server2 checks only the first 8 characters. Why??... (10 Replies)
Today I was going through some of the security guides written on Linux.
Under shadow file security, the following points were mentioned.
1) The encrypted password stored under the /etc/shadow file should have more than 14-25 characters.
2) Usernames in the shadow file must satisfy all the same rules as... (14 Replies)
Hi,
I am running an NIS server on Red Hat Linux 5 and I want to implement password restrictions for yppasswd. How can I do it? Please help me.
I can implement password restrictions for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so, but I don't know how to implement the same... (3 Replies)
Hi folks,
I am trying to set up a new password policy for our Solaris box users. Below is /etc/default/passwd/, but when I tried to create a user, it didn't ask for a numeric character, and the new password also didn't ask for special characters.
# useradd testing
# passwd testing
New... (7 Replies)
Hi Linux experts,
I would like to create a script for listing all users with their password policy. It should be in the following format:
Last password change : Sep 19, 2011
Password expires : never
Password inactive : never
Account... (2 Replies)
Hi Experts,
I would like to know the description of the following:
Minimum: 0
Maximum: 90
Warning: 7
Inactive: -1
Last Change: Never
Password Expires: Never
Password Inactive: Never
Account Expires: Never
Does this mean that... (2 Replies)
Hello All,
I have Sun DSEE7 (11g) on Solaris 10.
I have run idsconfig and initialized ldap client with profile created using idsconfig.
My ldap authentication works. Here is my pam.conf
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login ... (3 Replies)
Hello Team,
I am using Lubuntu & have a DRBL remote boot setup with OpenLDAP authentication. Currently there is no password expiry policy. I want to set a password policy so that users' passwords will expire after a month & they will get a prompt to change their password.
Using PAM we can do it,... (1 Reply)
I need help. I have set a password policy, but I want to disallow setting the user name as the password.
My policy is as below...
min length =8
min diff=2
min alpha=2
max repeats=2
dictionary= /usr/share/dict/words
Still, a user can set his username as the password (i.e. Jackie1234).
Code tags for... (11 Replies)
Discussion started by: powerAIX
selinux_config
selinux_config(5) SELinux configuration file selinux_config(5)
NAME
config - The SELinux sub-system configuration file.
DESCRIPTION
The SELinux config file controls the state of SELinux regarding:
1. The policy enforcement status - enforcing, permissive or disabled.
2. The policy name or type that forms a path to the policy to be loaded and its supporting configuration files.
3. How local users and booleans will be managed when the policy is loaded (note that this function was used by older releases of
SELinux and is now deprecated).
4. How SELinux-aware login applications should behave if no valid SELinux users are configured.
5. Whether the system is to be relabeled or not.
The entries controlling these functions are described in the FILE FORMAT section.
The fully qualified path name of the SELinux configuration file is /etc/selinux/config.
If the config file is missing or corrupt, then no SELinux policy is loaded (i.e. SELinux is disabled).
The sestatus(8) command and the libselinux function selinux_path(3) will return the location of the config file.
FILE FORMAT
The config file supports the following parameters:
SELINUX = enforcing | permissive | disabled
SELINUXTYPE = policy_name
SETLOCALDEFS = 0 | 1
REQUIRESEUSERS = 0 | 1
AUTORELABEL = 0 | 1
Where:
SELINUX
This entry can contain one of three values:
enforcing
SELinux security policy is enforced.
permissive
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
disabled
SELinux is disabled and no policy is loaded.
The entry can be determined using the sestatus(8) command or selinux_getenforcemode(3).
SELINUXTYPE
The policy_name entry is used to identify the policy type, and becomes the directory name of where the policy and its configuration
files are located.
The entry can be determined using the sestatus(8) command or selinux_getpolicytype(3).
The policy_name is relative to a path that is defined within the SELinux subsystem that can be retrieved by using selinux_path(3).
An example entry retrieved by selinux_path(3) is:
/etc/selinux/
The policy_name is then appended to this and becomes the 'policy root' location that can be retrieved by
selinux_policy_root_path(3). An example entry retrieved is:
/etc/selinux/targeted
The actual binary policy is located relative to this directory and also has a policy name pre-allocated. This information can be
retrieved using selinux_binary_policy_path(3). An example entry retrieved by selinux_binary_policy_path(3) is:
/etc/selinux/targeted/policy/policy
The binary policy name has by convention the SELinux policy version that it supports appended to it. The maximum policy version
supported by the kernel can be determined using the sestatus(8) command or security_policyvers(3). An example binary policy file with
the version is:
/etc/selinux/targeted/policy/policy.24
SETLOCALDEFS
This entry is deprecated and should be removed or set to 0.
If set to 1, then selinux_mkload_policy(3) will read the local customization for booleans (see booleans(5)) and users (see
local.users(5)).
REQUIRESEUSERS
This optional entry can be used to fail a login if there is no matching or default entry in the seusers(5) file or if the seusers
file is missing.
It is checked by getseuserbyname(3) that is called by SELinux-aware login applications such as PAM(8).
If set to 0 or the entry missing:
getseuserbyname(3) will return the GNU / Linux user name as the SELinux user.
If set to 1:
getseuserbyname(3) will fail.
The getseuserbyname(3) man page should be consulted for its use. The format of the seusers file is shown in seusers(5).
AUTORELABEL
This is an optional entry that allows the file system to be relabeled.
If set to 0 and there is a file called .autorelabel in the root directory, then on a reboot, the loader will drop to a shell where a
root login is required. An administrator can then manually relabel the file system.
If set to 1 or no entry present (the default) and there is a .autorelabel file in the root directory, then the file system will be
automatically relabeled using fixfiles -F restore.
In both cases the /.autorelabel file will be removed so that relabeling is not done again.
EXAMPLE
This example config file shows the minimum contents for a system to run SELinux in enforcing mode, with a policy_name of 'targeted':
SELINUX = enforcing
SELINUXTYPE = targeted
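The rules in FILE FORMAT above can be checked mechanically. The following Python checker is an added example, not part of the man page or of libselinux: it reports entries that would leave a system less protected than intended and derives the policy paths described under SELINUXTYPE. The function names, the tolerance for spaces around `=`, and treating an absent SETLOCALDEFS as 0 are assumptions of this example.

```python
import re

# Allowed values per the FILE FORMAT section. Defaults are those the text gives
# for absent entries; SETLOCALDEFS=0 when absent is this example's assumption.
ALLOWED = {"SELINUX": {"enforcing", "permissive", "disabled"},
           "SETLOCALDEFS": {"0", "1"}, "REQUIRESEUSERS": {"0", "1"},
           "AUTORELABEL": {"0", "1"}}
DEFAULTS = {"SETLOCALDEFS": "0", "REQUIRESEUSERS": "0", "AUTORELABEL": "1"}
ENTRY = re.compile(r"^([A-Z]+)\s*=\s*(\S+)$")  # spaces around '=' tolerated
# Constructed sample: permissive mode, a misspelt key and a deprecated option.
SAMPLE = "SELINUX=permissive\nSELINUXTYPE=targeted\nREQUIREUSERS=1\nSETLOCALDEFS=1\n"

def audit_config(text):
    """Parse config text; return (effective settings, list of findings)."""
    settings, findings = dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = ENTRY.match(line)
        if not match:
            findings.append(f"line {lineno}: not a KEY=value entry")
            continue
        key, value = match.groups()
        if key == "SELINUXTYPE":
            # policy_name becomes a directory name, so it must be one component
            if "/" in value or value in {".", ".."}:
                findings.append(f"line {lineno}: SELINUXTYPE is not a plain name")
            else:
                settings[key] = value
        elif key not in ALLOWED:
            # catches misspellings such as REQUIREUSERS, which change nothing
            findings.append(f"line {lineno}: unknown parameter {key}")
        elif value not in ALLOWED[key]:
            findings.append(f"line {lineno}: invalid value {value!r} for {key}")
        else:
            settings[key] = value
    if settings.get("SELINUX") != "enforcing":
        findings.append(f"SELINUX is {settings.get('SELINUX')}, policy not enforced")
    if "SELINUXTYPE" not in settings:
        findings.append("SELINUXTYPE missing, no policy root can be derived")
    if settings["SETLOCALDEFS"] == "1":
        findings.append("SETLOCALDEFS=1 is deprecated, remove it or set it to 0")
    return settings, findings

def policy_paths(settings, version, base="/etc/selinux/"):
    """Derive the policy root and the versioned binary policy path."""
    root = base + settings["SELINUXTYPE"]
    return root, f"{root}/policy/policy.{version}"
```

Calling `audit_config(open("/etc/selinux/config").read())` on a host gives the effective settings after defaults are applied, so a misspelt or rejected entry shows up as a finding while the setting it was meant to change keeps its default.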
SEE ALSO
selinux(8), sestatus(8), selinux_path(3), selinux_policy_root_path(3), selinux_binary_policy_path(3), getseuserbyname(3), PAM(8),
fixfiles(8), selinux_mkload_policy(3), selinux_getpolicytype(3), security_policyvers(3), selinux_getenforcemode(3), seusers(5), booleans(5),
local.users(5)
Security Enhanced Linux 18 Nov 2011 selinux_config(5)