Hey folks,
I need some help; I am treading on new ground and need some hand-holding.
I am trying to enable password history and failed logon attempts in a fresh vSphere install.
I am using the following PDF as my guide: "vSphere Hardening Guide April 2010"
Problem #1 ENABLE PASSWORD HISTORY
The PDF states to do the following:
Edit the /etc/pam.d/system-auth-generic file and add the string “remember=x” where x is the number of passwords to retain to the end of the following line:
“password sufficient /lib/security/$ISA/pam_unix.so”
However, when I look at the system-auth-generic file there is no line that contains $ISA/pam_unix.so and the phrase "password sufficient". The only line I see that even references $ISA is:
password required /lib/security/$ISA/pam_passwdqc.so min=disabled,disabled,disabled,12,8, similar=deny match=0
This is the only line that has "password sufficient" in my sys-auth-generic file:
"password sufficient pam_unix.so try_first_pass use_authtok nullok md5"
So I added "remember =10" at the end of this line. Is that correct?
I also performed the following commands as required:
touch /etc/security/opasswd
chmod 600 /etc/security/opasswd
chown root:root /etc/security/opasswd
PROBLEM 2 FAILED LOGON ATTEMPTS
the guide says to use the following command to set number of failed attempts:
esxcfg-auth --maxfailedattempts=3
This command is not recognized in vSphere 4. How can I set this up? What do I need to edit, etc.?
Thanks guys I really appreciate it.
Have the same problem with establishing a password history, also new to all this and have limited Linux experience. Does anyone have an update?
should the line read
Password sufficient pam_unix.so try_first_pass use_authtok nullok shadow md5 remember=x
x = whatever number you like
or should we write the line as the hardening document describes
Password sufficient /lib/security/$ISA/pam_unix try_first_pass use_authtok nullok shadow md5 remember=x
A little help here please. Don't suppose there is a discussion group about hardening ESX in general
Hello,
Use the following line, note that it is slightly different as it uses .so at the end of pam_unix, where you typed it without the .so.
Password sufficient /lib/security/$ISA/pam_unix.so try_first_pass use_authtok nullok shadow md5 remember=x
A little help here please. Don't suppose there is a discussion group about hardening ESX in general
This is the proper forum for such discussions.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010
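One way to verify the result of the edit discussed in this thread, as an added example that is not part of any post (function names are hypothetical): the script reports the history depth from the password line that loads pam_unix.so and checks the mode and owner of the opasswd file. It assumes the option only counts when it appears as a single token of the form remember=N after the module name; the sample lines in demo are constructed from the variants quoted above.

```sh
#!/bin/sh
# Added example (not from the thread): audit a PAM password stack for
# pam_unix password history. Sample lines below are constructed.

# pw_history_depth FILE: print N from "remember=N" on the first password
# line that loads pam_unix.so; return 1 if no such line has a valid token.
pw_history_depth() {
    awk '
        $1 ~ /^#/ { next }                    # comment line
        tolower($1) != "password" { next }    # only the password stack
        {
            mod = 0
            for (i = 2; i <= NF; i++) {
                n = split($i, p, "/")         # bare name or full path
                if (p[n] == "pam_unix.so") { mod = i; break }
            }
            if (!mod) next                    # e.g. "pam_unix" without .so
            for (i = mod + 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    print substr($i, 10); found = 1; exit
                }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# opasswd_ok FILE [UID]: true when FILE is a regular file with mode 600
# owned by UID (default 0, i.e. root).
opasswd_ok() {
    [ -f "$1" ] || return 1
    ls -ln "$1" | awk -v uid="${2:-0}" '
        { exit ((substr($1, 1, 10) == "-rw-------" && $3 == uid) ? 0 : 1) }'
}

# Constructed sample lines modelled on the three variants in the thread.
demo() {
    t=$(mktemp)
    for line in \
        'password sufficient pam_unix.so try_first_pass use_authtok nullok md5 remember=10' \
        'password sufficient pam_unix.so try_first_pass use_authtok nullok md5 remember =10' \
        'password sufficient /lib/security/$ISA/pam_unix try_first_pass use_authtok remember=10'
    do
        printf '%s\n' "$line" > "$t"
        if d=$(pw_history_depth "$t"); then echo "history=$d: $line"
        else echo "NO HISTORY: $line"; fi
    done
    rm -f "$t"
}
demo
```

On a real host, point pw_history_depth at /etc/pam.d/system-auth-generic and opasswd_ok at /etc/security/opasswd.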