DISCLAIMER! This document is nothing more than the musings of the author as he attempts to perform the stated tasks. Conclusions and approaches
may very well be incorrect, inefficient, or otherwise outside of professionally accepted best practices. Use this document at your own risk! In this
document, screen outputs will be presented in green. Where keyboard input is required, the prompt will be in bolded red. # means you should be at the
super user prompt, $ means you should be at an unprivileged user prompt. Do not include these prompts in your input! The command to be typed will be
shown in blue.
# ls -al
means you type ls -al at the super user prompt.
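echo 'Set "mesg n" as default for all users'
cd /etc
for file in profile .login
do
    # If the file already mentions mesg, rewrite that line to "mesg n"
    if [ "`grep mesg $file`" ]; then
        awk '$1 == "mesg" { $2 = "n" }
            { print }' $file >$file.new
        mv $file.new $file
    else
        # Otherwise append the setting
        echo mesg n >>$file
    fi
    # Restore the packaged owner, group and mode on the rewritten file
    pkgchk -f -n -p /etc/$file
done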
The Automated Security Enhancement Tool (ASET)
ASET is a security package that provides automated administration tools for controlling and monitoring system security. It runs various tasks that perform specific checks and adjustments based on the level at which ASET is run — one of low, medium, or high (access permissions of many files restricted). ASET tasks include:
The fix is to chmod 0600 /usr/aset/userlist
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes more vulnerable to compromise. I can't find anything on how to force this. The documentation I found just said to change non-compliant passwords.
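One way to find the non-compliant passwords mentioned above is to classify each shadow entry by its crypt(3) prefix. This is an added example, not part of the original document; the function names and the sample file are constructed, and it assumes a POSIX awk (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# List accounts whose shadow hash is not SHA-256 ($5$) or SHA-512 ($6$).
# $1 = path to a shadow-format file. Output: "user scheme[ (locked)]".
audit_shadow_hashes() {
    awk -F: '
    {
        user = $1; pw = $2; locked = ""
        # Solaris locks an account by prepending *LK* to the stored hash.
        if (substr(pw, 1, 4) == "*LK*") { locked = " (locked)"; pw = substr(pw, 5) }
        # Empty, NP and other *-style markers carry no password hash.
        if (pw == "" || pw == "NP" || pw ~ /^\*/) next
        if (pw ~ /^\$[56]\$/) next                 # SHA-256 / SHA-512
        if      (pw ~ /^\$1\$/)         scheme = "md5"
        else if (pw ~ /^\$2[abxy]?\$/)  scheme = "blowfish"
        else if (pw ~ /^\$md5[$,]/)     scheme = "sunmd5"
        else if (length(pw) == 13)      scheme = "des-crypt"
        else                            scheme = "unknown"
        print user, scheme locked
    }' "$1"
}

# Write a constructed sample shadow file (fake hashes) to $1.
make_sample_shadow() {
    cat > "$1" <<'EOF'
root:$5$saltsalt$CONSTRUCTEDsha256:15000::::::
alice:$6$saltsalt$CONSTRUCTEDsha512:15000::::::
bob:$1$saltsalt$CONSTRUCTEDmd5:15000::::::
carol:*LK*XXconstructed:15000::::::
dave:$md5,rounds=904$saltsalt$CONSTRUCTED:15000::::::
daemon:NP:6445::::::
nobody:*LK*:6445::::::
EOF
}

sample=${TMPDIR:-/tmp}/shadow.sample.$$
make_sample_shadow "$sample"
audit_shadow_hashes "$sample"
rm -f "$sample"
```

Run it as root against /etc/shadow; each account it lists needs a password change once the system default algorithm is a SHA-2 one.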
Add the directive as follows:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,aes128-cbc
Compression Delayed