CentOS Password Complexity Settings

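I. Overview

On Linux, the password complexity policy is mainly configured under /etc/pam.d/, for example /etc/pam.d/system-auth on CentOS and /etc/pam.d/common-password on Ubuntu. CentOS also has /etc/security/pwquality.conf.

Comparing /etc/pam.d/system-auth with /etc/security/pwquality.conf: both files can configure the complexity policy, but system-auth takes precedence over pwquality.conf.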

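II. Configuring the complexity policy

1. /etc/pam.d/system-auth

Set a minimum length of 8 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 special character.

Add the complexity options after password requisite. The PAM module varies with the system version; the test machine runs version 7.6 and uses pam_cracklib.so.

2. /etc/security/pwquality.conf

Set a minimum length of 9 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 special character.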

[test@localhost etc]$ cat /etc/security/pwquality.conf 
# Configuration for systemwide password quality limits
# Defaults:
#
# Number of characters in the new password that must not be present in the
# old password.
# difok = 5
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
 minlen = 9
#
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
 dcredit = -1
#
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
 ucredit = -1
#
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
 lcredit = -1
#
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
 ocredit = -1
#
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
#
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
#
# The maximum number of allowed consecutive characters of the same class in the
# new password.
# The check is disabled if the value is 0.
# maxclassrepeat = 0
#
# Whether to check for the words from the passwd entry GECOS string of the user.
# The check is enabled if the value is not 0.
# gecoscheck = 0
#
# Path to the cracklib dictionaries. Default is to use the cracklib default.
# dictpath =

III. Test results

1. /etc/pam.d/system-auth

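The account test changes its password to an 8-character password made up of uppercase letters and digits: the change fails.

The account test changes its password to an 8-character password made up of uppercase and lowercase letters: the change fails.

The account test changes its password to an 8-character password made up of uppercase letters, lowercase letters, and digits: the change fails.

The account test changes its password to a 7-character password made up of uppercase letters, lowercase letters, special characters, and digits: the change fails.

The account test changes its password to an 8-character password made up of uppercase letters, lowercase letters, special characters, and digits: the change succeeds.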

2. /etc/security/pwquality.conf

3. Precedence of /etc/pam.d/system-auth and /etc/security/pwquality.conf

system-auth takes precedence over pwquality.conf.
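
To check which file actually supplies each option on a given host, the following added example (not from the original post) reads the password line of a PAM file and a pwquality.conf and reports the effective value of each option, with PAM-line arguments taking precedence as described above. The function name effective_policy and the two sample files are constructed for illustration, and the sample assumes the line loads pam_pwquality.so, the module that reads pwquality.conf.

```shell
#!/bin/sh
# Added example (not from the original post): show which file supplies each option.

# effective_policy PAM_FILE CONF_FILE: prints "key=value (source file)" per option.
effective_policy() {
    pam_file=$1
    conf_file=$2
    # First active "password" line that loads pam_pwquality.so or pam_cracklib.so.
    pam_line=$(grep -E '^[[:space:]]*password[[:space:]].*pam_(pwquality|cracklib)\.so' "$pam_file" | head -n 1)
    for key in minlen dcredit ucredit lcredit ocredit; do
        # An option given as key=value on the PAM line takes precedence.
        val=$(printf '%s\n' "$pam_line" | tr -s '[:space:]' '\n' | sed -n "s/^${key}=//p" | head -n 1)
        src=$pam_file
        if [ -z "$val" ]; then
            # Otherwise use the last uncommented "key = value" line in the conf file.
            val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([-0-9]*\).*/\1/p" "$conf_file" | tail -n 1)
            src=$conf_file
        fi
        if [ -z "$val" ]; then
            val=unset
            src=module-default
        fi
        echo "$key=$val ($src)"
    done
}

# Constructed sample files: minlen differs between them, ocredit is only in the conf file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/system-auth" <<'EOF'
password    requisite     pam_pwquality.so try_first_pass retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1
password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok
EOF
cat > "$demo_dir/pwquality.conf" <<'EOF'
# minlen = 6
 minlen = 9
 dcredit = -1
 ucredit = -1
 lcredit = -1
 ocredit = -1
EOF

effective_policy "$demo_dir/system-auth" "$demo_dir/pwquality.conf"
```

On a real host, call the function with /etc/pam.d/system-auth and /etc/security/pwquality.conf as its two arguments.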

Note: the password policy applies only to ordinary users; the superuser account is not restricted.
