System Security

The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.


nv set system security encryption db state

Enables and disables password encryption in the NVUE startup.yaml file. By default, NVUE encrypts passwords, such as the RADIUS secret, TACACS secret, BGP peer password, OSPF MD5 key, and SNMP strings in the startup.yaml file.

Version History

Introduced in Cumulus Linux 5.10.0

Example

cumulus@switch:~$ nv set system security encryption db state disabled

nv set system security password-hardening digits-class

Configures the password policy so that passwords must include at least one digit. You can specify enabled or disabled. The default setting is enabled when password security is enabled.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening digits-class disabled

nv set system security password-hardening expiration

Configures the duration in days after which system passwords expire. You can set a value between 1 and 365 days. The default value is 180 days.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening expiration 30

nv set system security password-hardening expiration-warning

Configures the number of days before a password expires to send a warning. You can set a value between 1 and 30 days. The default value is 15 days.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening expiration-warning 5

nv set system security password-hardening history-cnt

Configures the number of times you can reuse the same password. You can set a value between 1 and 100. The default value is 10.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening history-cnt 20

nv set system security password-hardening len-min

Configures minimum password length. You can specify a value between 6 and 32 characters. The default value is 8.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening len-min 10

nv set system security password-hardening lower-class

Configures the password policy so that passwords must include at least one lower case character. You can specify enabled or disabled. The default setting is enabled when password security is enabled.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening lower-class disabled

nv set system security password-hardening reject-user-passw-match

Configures the password policy so that usernames can be passwords. You can specify enabled or disabled. The default setting is enabled when password security is enabled.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening reject-user-passw-match disabled

nv set system security password-hardening special-class

Configures the password policy so that passwords must include at least one special character. The default setting is enabled when password security is enabled.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening special-class disabled

nv set system security password-hardening state

Enables or disables password security. The default setting is enabled.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening state disabled

nv set system security password-hardening upper-class

Configures the password policy so that passwords must include at least one uppercase letter. The default setting is enabled when password security is enabled.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system security password-hardening upper-class disabled