Resolution
How do I update the Unix password dictionary used for weak passwords?
goal
Which file does the Unix agent use to check for passwords that are not sufficiently complex?
fact
NetIQ Security Agent for Unix 5.5
fact
NetIQ Vulnerability Manager 5.0
fact
NetIQ Vulnerability Manager 5.5
fact
VigilEnt Security Agent for Unix 4.0
fact
VigilEnt Security Agent for Unix 5.0
fix
The Unix security agent has a password dictionary file named unix.dict, which currently exists in three separate locations inside the agent installation directory structure. The file is exactly the same in each location. The locations and the usage of each are as follows:
$PSHOME/vsaunix/{OS}/vsau/data/dict/unix.dict
- Used for legacy tasks and security checks in Vulnerability Manager
$PSHOME/vsaunix/{OS}/vs/data/dict/unix.dict
- Used by the Expert Checker in Unix Manager
$PSHOME/vsaunix/{OS}/cmnagent/data/dict/unix.dict
- Used by the password strength attribute of the User object in the Vulnerability Manager custom checker
$PSHOME is a variable in /etc/vsaunix.cfg that points to the location where the agent is installed. {OS} is the specific operating system installed on the agent, which also appears as a directory in the installation.
The dictionary shipped with the product has 25,000+ entries. To edit this file, place one entry on a single line and save your changes. The next run of the Users with weak passwords or a similar type of report will use the updated unix.dict file. If you update the file, copy it to the other locations on the agent. The file is a simple text file and entries can be added anywhere inside the file, but adding entries at the bottom allows for easier tracking of changes to the file. Below is an example of entries in the file, from the top:
# more unix.dict
10th
1st
2nd
3rd
4th
5th
6th
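
The update-and-copy procedure described above, written as a script. This is an added example, not NetIQ code. It assumes the resolved $PSHOME/vsaunix/{OS} directory is passed as the first argument rather than read from /etc/vsaunix.cfg; the function name update_unix_dict and the file name new_words.txt are hypothetical.

```shell
#!/bin/sh
# Added example, not NetIQ code. Assumption: $1 is the already-resolved
# $PSHOME/vsaunix/{OS} directory; /etc/vsaunix.cfg is not parsed here.

# Locations of unix.dict under that directory, as listed in the article.
DICT_PATHS="vsau/data/dict/unix.dict vs/data/dict/unix.dict cmnagent/data/dict/unix.dict"

# update_unix_dict AGENT_OS_DIR NEW_WORDS_FILE
# Appends new words to the first copy, then copies it over the other two.
# Returns 1 if a copy is missing, a copy fails, or the copies differ afterwards.
update_unix_dict() {
    base=$1; words=$2
    primary="$base/vsau/data/dict/unix.dict"

    for rel in $DICT_PATHS; do
        [ -f "$base/$rel" ] || { echo "missing: $base/$rel" >&2; return 1; }
    done
    [ -r "$words" ] || { echo "cannot read: $words" >&2; return 1; }

    cp -p "$primary" "$primary.bak" || return 1

    # A file without a final newline would fuse its last entry with the first new one.
    if [ -n "$(tail -c 1 "$primary")" ]; then echo >> "$primary"; fi

    # Strip CRs and surrounding blanks, drop empty lines and duplicates, then
    # append at the bottom only words not already present as a whole line.
    tr -d '\r' < "$words" |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u |
    while IFS= read -r w; do
        grep -Fxq -e "$w" "$primary" || printf '%s\n' "$w" >> "$primary"
    done

    # Overwrite the other two copies in place and confirm they are identical.
    for rel in $DICT_PATHS; do
        if [ "$base/$rel" != "$primary" ]; then
            cp -p "$base/$rel" "$base/$rel.bak" || return 1
            cp "$primary" "$base/$rel" || return 1
        fi
        cmp -s "$primary" "$base/$rel" || { echo "differs: $base/$rel" >&2; return 1; }
    done
}

# Run only when called with both arguments, e.g.:
#   sh update_dict.sh "$PSHOME/vsaunix/<OS>" new_words.txt
if [ "$#" -eq 2 ]; then update_unix_dict "$1" "$2"; fi
```

Each copy is backed up as unix.dict.bak before it is changed, so a diff against the backup shows exactly which entries were added.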