A security profile is a set of pre-configured values for parameters that control the security behavior of your system, such as how long passwords last, or what privileges are assigned to users. Once you choose a profile, you can switch to another profile, or change any one of the dozens of parameters on an individual basis.
System security profiles
Security parameters | Low | Traditional | Improved | High |
---|---|---|---|---|
Passwords | ||||
Minimum weeks between changes | 0 | 0 | 0 | 2 |
Expiration warning (weeks) | - | - | 1 | 6 |
Lifetime (weeks) | infinite | infinite | 24 | 12 |
Minimum length | 1 | 3 | 6 | 8 |
Password required to login | no | yes | yes | yes |
Logins | ||||
Maximum unsuccessful attempts before delay is started | 99 | 99 | 5 | 3 |
Delay between attempts (secs) | 0 | 10 | 20 | 20 |
Time to complete login (secs) | 300 | 60 | 60 | 60 |
Weeks an account can be idle | infinite | infinite | 50 | 50 |
Logging threshold for failures | infinite | infinite | 5 | 1 |
Networking | ||||
Services disabled | none | none | tftp mountd ypupdated rusersd walld sprayd | tftp finger systat netstat shell login exec ftp telnet mountd ypupdated rusersd walld sprayd |
Audit (if configured) | ||||
Action if audit write error | disable | disable | shutdown | shutdown |
Action if audit log is full | disable | disable | disable | switch |
Events audited | id_auth priv process | id_auth priv process cov_chan | id_auth priv process device cov_chan audit | id_auth priv process device cov_chan audit file_access io_cntl printer sched |
Other | ||||
root login on console only | no | no | yes | yes |
Console <Ctrl><Alt><Del> allowed | no | no | no | no |
su(1) use logged | no | no | yes | yes |
Default umask[1] | 022 | 022 | 027 | 077 |
UIDs reusable[2] | yes | yes | yes | yes |
Users can schedule jobs | allow | allow | deny | deny |
Home directory permissions | 755 | 755 | 750 | 700 |
Restricted chown(1)[3] | no | no | yes | yes |
Remote printing access allowed | yes | yes | no | no |
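
An added example, not part of the original documentation: a Python check of existing home directories and a umask against the "Home directory permissions" and "Default umask" rows of the table. The function names and the sample directories are assumptions made for illustration; the comparison is bitwise because mode 705 is numerically lower than 750 yet grants access that 750 does not.

```python
import os
import stat
import tempfile

# Octal values copied from the "Home directory permissions" and "Default umask" rows.
PROFILES = {
    "Low":         {"home_mode": 0o755, "umask": 0o022},
    "Traditional": {"home_mode": 0o755, "umask": 0o022},
    "Improved":    {"home_mode": 0o750, "umask": 0o027},
    "High":        {"home_mode": 0o700, "umask": 0o077},
}

def excess_bits(actual, allowed):
    """Permission bits set in `actual` that `allowed` does not grant."""
    return actual & ~allowed & 0o777

def umask_ok(current, required):
    """A umask complies if it masks every bit the profile's umask masks."""
    return (required & ~current & 0o777) == 0

def audit_homes(paths, profile):
    """Map each non-compliant directory to its excess bits (3-digit octal)."""
    allowed = PROFILES[profile]["home_mode"]
    findings = {}
    for path in paths:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        extra = excess_bits(mode, allowed)
        if extra:
            findings[os.path.basename(path)] = format(extra, "03o")
    return findings

def demo():
    # Constructed sample: throwaway directories standing in for home directories.
    sample = {"alice": 0o700, "bob": 0o750, "carol": 0o705}
    with tempfile.TemporaryDirectory() as root:
        paths = []
        for name, mode in sample.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod is not affected by the process umask
            paths.append(path)
        return {p: audit_homes(paths, p) for p in ("Improved", "High")}

if __name__ == "__main__":
    for profile, findings in demo().items():
        print(profile, findings)
    print("umask 022 meets Improved:", umask_ok(0o022, PROFILES["Improved"]["umask"]))
```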