Sunday 17 October 2010

Command to set Solaris password expiration date...

These values can be set or modified from the command line by root, using the passwd command as follows:

# passwd -n 0 -w 14 -x 60 username
Where -n is the minimum number of days allowed between password changes, -w is the number of days before the password expires that the user is warned, and -x is the maximum number of days that the password will be valid for.

These values can ONLY be queried or changed by root.

When a user changes their password, only the encrypted password and current date are stored in /etc/shadow. The "number-of-days" values are not changed.
The expiration date is calculated, not stored.

To remove the password expiration, simply type:

# passwd -x -1 username
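The aging arithmetic described above, as an added example that is not part of the original post: a small Python script that reads Solaris-style /etc/shadow lines and derives the expiry date (lastchg + max) and the warning date (expiry - warn) that Solaris never stores. The shadow entries are constructed samples, and the treatment of an empty max field as "aging off" (what passwd -x -1 leaves behind) is an assumption of mine.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample /etc/shadow entries (hashes replaced by a placeholder).
# Solaris fields: name:password:lastchg:min:max:warn:inactive:expire:flag
# lastchg is the day of the last change, counted from 1970-01-01.
SAMPLE_SHADOW = """\
alice:PLACEHOLDER:14880:0:60:14:::
bob:PLACEHOLDER:14880::::::
carol:PLACEHOLDER:14830:0:60:14:::
dave:PLACEHOLDER:14850:0:60:14:::
"""

def parse_shadow_line(line):
    """Split one shadow entry; empty numeric fields become None."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields: %r" % line)
    def num(s):
        return int(s) if s.strip() else None
    return {"name": fields[0], "lastchg": num(fields[2]),
            "min": num(fields[3]), "max": num(fields[4]), "warn": num(fields[5])}

def aging_status(entry, today):
    """Compute what Solaris does not store: the expiry date (lastchg + max)
    and the date from which the user is warned (expiry - warn)."""
    lastchg, mx, warn = entry["lastchg"], entry["max"], entry["warn"]
    if lastchg is None:
        return {"expires": None, "warn_from": None, "state": "never-changed"}
    # After 'passwd -x -1' aging is off: max is empty (assumed) or negative.
    if mx is None or mx < 0:
        return {"expires": None, "warn_from": None, "state": "no-expiration"}
    expires = EPOCH + timedelta(days=lastchg + mx)
    warn_from = expires - timedelta(days=warn or 0)
    if today >= expires:
        state = "expired"
    elif today >= warn_from:
        state = "warning"
    else:
        state = "ok"
    return {"expires": expires.isoformat(), "warn_from": warn_from.isoformat(),
            "state": state}

def report(shadow_text, today_iso):
    """Map each user name to its aging status as of the given ISO date."""
    today = date.fromisoformat(today_iso)
    return {e["name"]: aging_status(e, today)
            for e in (parse_shadow_line(l) for l in shadow_text.splitlines())}

if __name__ == "__main__":
    for name, st in report(SAMPLE_SHADOW, "2010-10-17").items():
        print(name, st)
```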

disable login via serial port

/usr/sbin/pmadm -l
PMTAG PMTYPE SVCTAG FLGS ID <PMSPECIFIC>
zsmon ttymon ttya u root /dev/term/a I - /usr/bin/login - 9600 ldterm,ttcompat ttya login: - tvi925 y #
zsmon ttymon ttyb u root /dev/term/b I - /usr/bin/login - 9600 ldterm,ttcompat ttyb login: - tvi925 y #

  1. /usr/sbin/pmadm -d -p zsmon -s ttya
  2. /usr/sbin/pmadm -d -p zsmon -s ttyb

Saturday 16 October 2010

bsmconv, bsmunconv – enable or disable Solaris Auditing

Synopsis
/etc/security/bsmconv [rootdir]...
/etc/security/bsmunconv [rootdir]...

Description
The bsmconv and bsmunconv scripts are used to enable or disable the BSM features on a Solaris system. The optional argument rootdir is a list of one or more root directories of diskless clients that have already been configured. See smdiskless(1M).

To enable or disable BSM on a diskless client, a server, or a stand-alone system, log on as super-user to the system being converted and use the bsmconv or bsmunconv commands without any options.

To enable or disable BSM on a diskless client from that client's server, log on to the server as super-user and use bsmconv, specifying the root directory of each diskless client you wish to affect. For example, the command:

myhost# bsmconv /export/root/client1 /export/root/client2

enables BSM on the two machines named client1 and client2. While the command:

myhost# bsmconv

enables BSM only on the machine called myhost. It is no longer necessary to enable BSM on both the server and its diskless clients.

After running bsmconv the system can be configured by editing the files in /etc/security. Each diskless client has its own copy of configuration files in its root directory. You might want to edit these files before rebooting each client.

Following the completion of either script, the affected system(s) should be rebooted to allow the auditing subsystem to come up properly initialized.

Audit log rotation

add to crontab:

0 0 * * * /usr/sbin/audit -n
10 0 * * * find /var/audit/ -type f -mtime +7 -exec rm {} \; 2>/dev/null

How to restart a service

/lib/svc/method/sshd restart
or
svcadm restart sshd

Friday 15 October 2010

Handy bookmarks

SUN BigAdmin System Administrator Resource
http://www.sun.com/bigadmin/home/index.jsp

Generating Random Passwords
http://www.securepasswords.net/site/GenPronounceable.html

identify users of files and devices

HOST-root# fuser /var/opt/bsl/logs/*/*
/var/opt/bsl/logs/akamai/akamai.log: 28287o
/var/opt/bsl/logs/bslweb/bslweb.log: 28287o
/var/opt/bsl/logs/tomcat/catalina.out: 28287o

Process 28287 should be stopped

HOST-root# ps -efa | grep 28287
root 20158 19722 0 09:36:21 pts/1 0:00 grep 28287
tomcat 28287 1 0 Apr 17 ? 2:30 /opt/j2re1.4.2_13/bin/java -Djava.endorsed.dirs=/opt/apache-tomcat-4.1.36/commo