system.security.update

Update System Security Service Configuration.

This method is used to change the FIPS, STIG, and local account policies for TrueNAS Enterprise. These features are not available in community editions of TrueNAS.

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: system_security_update

system_security_update

Type: object
No Additional Properties

Enable Fips

Type: boolean

When set, enables FIPS mode.

Enable Gpos Stig

Type: boolean

When set, enables compatibility with the General Purpose Operating System STIG.

Min Password Age


The number of days local users must wait before they are
allowed to change their password again. One reason for setting this parameter is
to prevent users from bypassing password history restrictions by rapidly
changing their passwords. The value of None means that there is no
minimum password age.

Type: integer

Value must be strictly greater than 0

Type: null

Max Password Age


The number of days after which a password is considered to be expired. After
expiration no login will be possible for the user. The user should contact the
administrator for a password reset. The value of None means that there is no
maximum password age, and password aging is disabled. NOTE: user passwords will never
expire if password aging is disabled.

Type: integer

Value must be greater than or equal to 7 and less than or equal to 365

Type: null

Password Complexity Ruleset


The password complexity ruleset defines what character types are required
for passwords used by local accounts. The value of None means that there
are no password complexity requirements. List items indicate a requirement
for at least one character in the password to be of the specified character
set type.

Type: array of enum (of string)

All items must be unique

No Additional Items
Each item of this array must be:
Type: enum (of string)
Must be one of:
  • "UPPER"
  • "LOWER"
  • "NUMBER"
  • "SPECIAL"
Type: null

Min Password Length


The minimum length of passwords used for local accounts. The value of None
means that there is no minimum password length.

Type: integer

Value must be greater than or equal to 8

Type: null

Password History Length


The number of password generations to keep in history for checks against
password reuse for local user accounts. The value of None means that history checks
for password reuse are not performed.

Type: integer

Value must be greater than or equal to 1 and less than or equal to 10

Type: null

SystemSecurityEntry

Type: object
No Additional Properties

Id

Type: integer

Enable Fips

Type: boolean

When set, enables FIPS mode.

Enable Gpos Stig

Type: boolean

When set, enables compatibility with the General Purpose Operating System STIG.

Min Password Age

Default: null

The number of days local users must wait before they are
allowed to change their password again. One reason for setting this parameter is
to prevent users from bypassing password history restrictions by rapidly
changing their passwords. The value of None means that there is no
minimum password age.

Type: integer

Value must be strictly greater than 0

Type: null

Max Password Age

Default: null

The number of days after which a password is considered to be expired. After
expiration no login will be possible for the user. The user should contact the
administrator for a password reset. The value of None means that there is no
maximum password age, and password aging is disabled. NOTE: user passwords will never
expire if password aging is disabled.

Type: integer

Value must be greater than or equal to 7 and less than or equal to 365

Type: null

Password Complexity Ruleset

Default: null

The password complexity ruleset defines what character types are required
for passwords used by local accounts. The value of None means that there
are no password complexity requirements. List items indicate a requirement
for at least one character in the password to be of the specified character
set type.

Type: array of enum (of string)

All items must be unique

No Additional Items
Each item of this array must be:
Type: enum (of string)
Must be one of:
  • "UPPER"
  • "LOWER"
  • "NUMBER"
  • "SPECIAL"
Type: null

Min Password Length

Default: null

The minimum length of passwords used for local accounts. The value of None
means that there is no minimum password length.

Type: integer

Value must be greater than or equal to 8

Type: null

Password History Length

Default: null

The number of password generations to keep in history for checks against
password reuse for local user accounts. The value of None means that history checks
for password reuse are not performed.

Type: integer

Value must be greater than or equal to 1 and less than or equal to 10

Type: null


Required roles: SYSTEM_SECURITY_WRITE
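
A pre-flight check for the system_security_update parameter documented above, as an added example that is not part of the TrueNAS documentation or code: it applies the type, range and enum constraints listed on this page before a payload is sent. The snake_case key names are assumed from the field titles, and validate_security_update is a hypothetical helper name.

```python
# Added example: checks a system_security_update payload against the
# constraints documented on this page. Key names are assumed snake_case
# forms of the field titles; the function name is hypothetical.
BOOL_FIELDS = ("enable_fips", "enable_gpos_stig")
INT_RANGES = {  # field -> (minimum, maximum); a maximum of None is unbounded
    "min_password_age": (1, None),
    "max_password_age": (7, 365),
    "min_password_length": (8, None),
    "password_history_length": (1, 10),
}
CHAR_SETS = {"UPPER", "LOWER", "NUMBER", "SPECIAL"}
RULESET = "password_complexity_ruleset"


def validate_security_update(payload):
    """Return a list of violations; an empty list means the payload conforms."""
    if not isinstance(payload, dict):
        return ["payload must be an object"]
    errors = []
    allowed = set(BOOL_FIELDS) | set(INT_RANGES) | {RULESET}
    # "No Additional Properties": unknown keys are rejected.
    for key in sorted(set(payload) - allowed):
        errors.append(f"{key}: unknown property")
    for key in BOOL_FIELDS:
        if key in payload and not isinstance(payload[key], bool):
            errors.append(f"{key}: must be a boolean")
    for key, (low, high) in INT_RANGES.items():
        value = payload.get(key)
        if value is None:  # absent or null: nothing to range-check
            continue
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{key}: must be an integer or null")
        elif value < low or (high is not None and value > high):
            bound = f">= {low}" if high is None else f"between {low} and {high}"
            errors.append(f"{key}: must be {bound}")
    rules = payload.get(RULESET)
    if rules is not None:
        if not isinstance(rules, list):
            errors.append(f"{RULESET}: must be an array or null")
        else:
            if any(not isinstance(r, str) or r not in CHAR_SETS for r in rules):
                errors.append(f"{RULESET}: items must be one of {sorted(CHAR_SETS)}")
            if len(rules) != len({repr(r) for r in rules}):
                errors.append(f"{RULESET}: items must be unique")
    return errors
```

A null value passes the check because the page defines null as "no requirement" for each password policy field; flag nulls separately if your baseline requires a policy to be set.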