用户登录超时时间设置
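# Set a 300-second idle timeout for interactive shells via /etc/profile.
# The line is appended only when no "export TMOUT=" line exists yet, so
# running this step again does not pile up duplicate entries. An existing
# TMOUT line with a different value is left as it is and should be reviewed
# by hand.
# NOTE(review): TMOUT is an ordinary variable here, so a user can unset or
# change it in their own session unless it is also marked readonly.
if ! grep -Eq '^[[:space:]]*export[[:space:]]+TMOUT=' /etc/profile; then
  echo "export TMOUT=300" >> /etc/profile
fi
# Apply the setting to the current shell as well; new logins pick it up
# from /etc/profile on their own.
source /etc/profile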
设置密码到期时间
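# Lower the default maximum password age from 99999 days to 90.
# The substitution is limited to the PASS_MAX_DAYS directive, so a 99999
# that appears in a comment or in another setting is not rewritten. A value
# an administrator has already tightened (anything other than 99999) is
# left alone.
# /etc/login.defs supplies defaults for accounts created afterwards;
# existing accounts keep the aging values stored in /etc/shadow and need
# `chage -M 90 <user>` to pick up the new limit.
sed -i -E '/^[[:space:]]*PASS_MAX_DAYS[[:space:]]/s/99999/90/' /etc/login.defs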
设置密码复杂度
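# Enforce password complexity (3 retries, minimum length 8, at least 3
# character classes) through pam_cracklib in the system-auth password stack.
#
# PAM evaluates the stack in order. A line appended after the
# "sufficient pam_unix.so" / "required pam_deny.so" entries is never the one
# that decides the outcome, so the rule has to sit before pam_unix.so:
#   1. an existing pam_cracklib.so password line is rewritten in place;
#   2. otherwise the rule is inserted before the first pam_unix.so line;
#   3. only when neither exists is it appended, as before.
# Rewriting in place also keeps repeated runs from adding duplicate lines.
#
# --follow-symlinks edits the link target instead of replacing a symlinked
# system-auth with a regular file.
# NOTE(review): on hosts where this file is generated by a distro tool the
# edit may be overwritten, and newer releases ship pam_pwquality instead of
# pam_cracklib - confirm which module is installed before relying on this.
pam_file=/etc/pam.d/system-auth
pam_line='password requisite pam_cracklib.so retry=3 minlen=8 minclass=3'
if grep -Eq '^password[[:space:]].*pam_cracklib\.so' "$pam_file"; then
  sed -i --follow-symlinks -E \
    "s|^password[[:space:]].*pam_cracklib\.so.*|${pam_line}|" "$pam_file"
elif grep -Eq '^password[[:space:]].*pam_unix\.so' "$pam_file"; then
  # 0,/re/ limits the substitution to the first pam_unix.so password line.
  sed -i --follow-symlinks -E \
    "0,/^password[[:space:]].*pam_unix\.so/s|^password[[:space:]].*pam_unix\.so|${pam_line}\n&|" \
    "$pam_file"
else
  echo "$pam_line" >> "$pam_file"
fi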
禁止root通过SSH登录
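# Disable direct root login over SSH.
# Without -i, sed only prints the edited text and /etc/ssh/sshd_config stays
# unchanged, so the in-place flag is required here. The pattern covers the
# commented default as well as an active PermitRootLogin directive with any
# of the standard values, so an explicit "PermitRootLogin yes" is also
# switched to "no".
sed -i -E \
  's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]+(yes|no|without-password|prohibit-password|forced-commands-only)[[:space:]]*$/PermitRootLogin no/' \
  /etc/ssh/sshd_config
# Verify the result: a config with no PermitRootLogin line at all is not
# changed by the substitution above.
if ! grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]+no[[:space:]]*$' /etc/ssh/sshd_config; then
  echo "PermitRootLogin no is not set in /etc/ssh/sshd_config" >&2
fi
# The running sshd keeps its old setting until it is reloaded. Confirm that
# a non-root account with su/sudo rights can log in before closing the
# current root session.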
限制用户su到root,只允许wheel组的su
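# Restrict su to members of the wheel group.
# Step 1 uncomments only the stock "auth required pam_wheel.so use_uid"
# line; matching every commented line that contains "required" could
# activate unrelated rules on systems whose /etc/pam.d/su ships several.
# Step 2 rewrites the module arguments to "group=wheel" on the active
# "auth required" line. The module is referenced by name so PAM loads it
# from the platform's own module directory: a hard-coded /lib/security path
# is absent on lib64 layouts, and a "required" module that fails to load
# makes su fail for every user.
# Make sure at least one administrative account is in the wheel group
# before applying this.
sed -i -E \
  -e '/^#[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+use_uid/s/^#[[:space:]]*//' \
  -e '/^auth[[:space:]]+required[[:space:]]/s/pam_wheel\.so[[:space:]]+use_uid/pam_wheel.so group=wheel/' \
  /etc/pam.d/su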