Enhanced security enabled (UNIX)

Module: Startup Files

This check looks for any enhanced security extensions that are enabled on the operating system.

The following table lists the error messages for the check.

Table: Error messages for Enhanced security enabled

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_NO_ENHANCED Category: Policy Compliance	UNIX (5839)	Title: No enhanced security features Description:The operating system does not provide any additional security features that can be optionally enabled. This message provides information but does not require any action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_DISABLE_OSF1 Category: Policy Compliance	UNIX (5840)	Title: Enhanced OSF1 security features are disabled Description:OSF1 provides enhanced security features that can be optionally enabled. These features are currently disabled. You should run the /usr/sbin/secsetup command to enable these features. See the system documentation for additional information.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_DISABLE_HP Category: Policy Compliance	UNIX (5841)	Title: Enhanced HPUX security features are disabled Description:HPUX provides enhanced security features that can be optionally enabled. These features are currently disabled. You should enable these features with the system administration manager (sam) tool. See the system documentation for additional information.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_DISABLE_AIX Category: Policy Compliance	UNIX (5842)	Title: Enhanced AIX security features are disabled Description:AIX provides enhanced security features that can be optionally enabled. These features are currently disabled. You should enable these features by reinstalling the operating system and choosing to install the trusted security options. Unfortunately, these options cannot be installed as add-on software at this time. See the system documentation for additional information.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_DISABLE_SGI Category: Policy Compliance	UNIX (5843)	Title: Enhanced IRIX security features are disabled Description:The IRIX operating system supports the use of a shadow password file, but this system is not using a shadow file. Shadow files allow encrypted passwords to be hidden from all non-root users. You should enable the use of a shadow password file. See the pwconv(1M) and shadow(4) man pages and the system documentation for additional information.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_UNKNOWN_OSF1 Category: Policy Compliance	UNIX (5844)	Title: Cannot determine state of OSF1 security enhancements Description:ESM cannot determine if the system is running BASE or ENHANCED mode security. You should run the /usr/sbin/secsetup command to set the desired security state. See the system documentation for additional information.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_UNKNOWN_HP Category: Policy Compliance	UNIX (5845)	Title: Cannot determine state of security enhancements Description:ESM cannot determine if the system is running BASE or TRUSTED mode security. You should use the system admininstration manager (sam) tool to set the security mode. See the system documentation for additional information.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_SEC_UNKNOWN_AIX Category: Policy Compliance	UNIX (5846)	Title: Cannot determine state of AIX security enhancements Description:ESM cannot determine if the system is running BASE or TRUSTED mode. Trusted mode is supported only in OS version 4.2 or higher. Consult the system documentation for further details on determining if you have the trusted mode installed (this is not an add-on software package at this time).	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_NO_ENHANCED

Category: Policy Compliance

UNIX (5839)

Title: No enhanced security features

Description:The operating system does not provide any additional security features that can be optionally enabled. This message provides information but does not require any action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_DISABLE_OSF1

Category: Policy Compliance

UNIX (5840)

Title: Enhanced OSF1 security features are disabled

Description:OSF1 provides enhanced security features that can be optionally enabled. These features are currently disabled. You should run the /usr/sbin/secsetup command to enable these features. See the system documentation for additional information.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_DISABLE_HP

Category: Policy Compliance

UNIX (5841)

Title: Enhanced HPUX security features are disabled

Description:HPUX provides enhanced security features that can be optionally enabled. These features are currently disabled. You should enable these features with the system administration manager (sam) tool. See the system documentation for additional information.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_DISABLE_AIX

Category: Policy Compliance

UNIX (5842)

Title: Enhanced AIX security features are disabled

Description:AIX provides enhanced security features that can be optionally enabled. These features are currently disabled. You should enable these features by reinstalling the operating system and choosing to install the trusted security options. Unfortunately, these options cannot be installed as add-on software at this time. See the system documentation for additional information.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_DISABLE_SGI

Category: Policy Compliance

UNIX (5843)

Title: Enhanced IRIX security features are disabled

Description:The IRIX operating system supports the use of a shadow password file, but this system is not using a shadow file. Shadow files allow encrypted passwords to be hidden from all non-root users. You should enable the use of a shadow password file. See the pwconv(1M) and shadow(4) man pages and the system documentation for additional information.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_UNKNOWN_OSF1

Category: Policy Compliance

UNIX (5844)

Title: Cannot determine state of OSF1 security enhancements

Description:ESM cannot determine if the system is running BASE or ENHANCED mode security. You should run the /usr/sbin/secsetup command to set the desired security state. See the system documentation for additional information.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_UNKNOWN_HP

Category: Policy Compliance

UNIX (5845)

Title: Cannot determine state of security enhancements

Description:ESM cannot determine if the system is running BASE or TRUSTED mode security. You should use the system admininstration manager (sam) tool to set the security mode. See the system documentation for additional information.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_SEC_UNKNOWN_AIX

Category: Policy Compliance

UNIX (5846)

Title: Cannot determine state of AIX security enhancements

Description:ESM cannot determine if the system is running BASE or TRUSTED mode. Trusted mode is supported only in OS version 4.2 or higher. Consult the system documentation for further details on determining if you have the trusted mode installed (this is not an add-on software package at this time).

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []