system.security.update

Update System Security Service Configuration.

This method is used to change the FIPS, STIG, and local account policies for TrueNAS Enterprise. These features are not available in community editions of TrueNAS.

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: system_security_update

system_security_update

Type: object
No Additional Properties

Enable Fips

Type: boolean

When set, enables FIPS mode.

Enable Gpos Stig

Type: boolean

When set, enables compatibility with the General Purpose Operating System STIG.

Min Password Age


The number of days local users will have to wait before they will be allowed to change password again. One reason for setting this parameter is to prevent users from bypassing password history restrictions by rapidly changing their passwords. The value of None means that there is no minimum password age.

Type: integer

Value must be strictly greater than 0

Type: null

Max Password Age


The number of days after which a password is considered to be expired. After expiration no login will be possible for the user. The user should contact the administrator for a password reset. The value of None means that there is no maximum password age, and password aging is disabled.

NOTE: User passwords will never expire if password aging is disabled.

Type: integer

Value must be greater or equal to 7 and lesser or equal to 365

Type: null

Password Complexity Ruleset


The password complexity ruleset defines what character types are required for passwords used by local accounts. The value of None means that there are no password complexity requirements. List items indicate a requirement for at least one character in the password to be of the specified character set type.

Type: array of enum (of string)

All items must be unique

No Additional Items
Each item of this array must be:
Type: enum (of string)
Must be one of:
  • "UPPER"
  • "LOWER"
  • "NUMBER"
  • "SPECIAL"
Type: null

Min Password Length


The minimum length of passwords used for local accounts. The value of None means that there is no minimum password length.

Type: integer

Value must be greater or equal to 8

Type: null

Password History Length


The number of password generations to keep in history for checks against password reuse for local user accounts. The value of None means that history checks for password reuse are not performed.

Type: integer

Value must be greater or equal to 1 and lesser or equal to 10

Type: null

SystemSecurityEntry

Type: object
No Additional Properties

Id

Type: integer

Enable Fips

Type: boolean

When set, enables FIPS mode.

Enable Gpos Stig

Type: boolean

When set, enables compatibility with the General Purpose Operating System STIG.

Min Password Age

Default: null

The number of days local users will have to wait before they will be allowed to change password again. One reason for setting this parameter is to prevent users from bypassing password history restrictions by rapidly changing their passwords. The value of None means that there is no minimum password age.

Type: integer

Value must be strictly greater than 0

Type: null

Max Password Age

Default: null

The number of days after which a password is considered to be expired. After expiration no login will be possible for the user. The user should contact the administrator for a password reset. The value of None means that there is no maximum password age, and password aging is disabled.

NOTE: User passwords will never expire if password aging is disabled.

Type: integer

Value must be greater or equal to 7 and lesser or equal to 365

Type: null

Password Complexity Ruleset

Default: null

The password complexity ruleset defines what character types are required for passwords used by local accounts. The value of None means that there are no password complexity requirements. List items indicate a requirement for at least one character in the password to be of the specified character set type.

Type: array of enum (of string)

All items must be unique

No Additional Items
Each item of this array must be:
Type: enum (of string)
Must be one of:
  • "UPPER"
  • "LOWER"
  • "NUMBER"
  • "SPECIAL"
Type: null

Min Password Length

Default: null

The minimum length of passwords used for local accounts. The value of None means that there is no minimum password length.

Type: integer

Value must be greater or equal to 8

Type: null

Password History Length

Default: null

The number of password generations to keep in history for checks against password reuse for local user accounts. The value of None means that history checks for password reuse are not performed.

Type: integer

Value must be greater or equal to 1 and lesser or equal to 10

Type: null


Required roles: SYSTEM_SECURITY_WRITE