Linux User Acccount Security Settings: How to ??

Author : Sanjay K

How to enable Account Password History
===========================

Step 1 - Create /etc/security/opasswd file user and group should be root and permission 600/

Step 2 - open /etc/pam.d/system-auth file and put the remember=
[root@oc3716188470 pam.d]# cat /etc/pam.d/system-auth
#%PAM-1.0
auth       required     pam_shells.so
auth       required     pam_unix.so likeauth nullok try_first_pass
auth       required     pam_nologin.so
#
account    required     pam_unix.so
#
password   required     pam_passwdqc.so min=disabled,8,8,8,8 passphrase=0 enforce=users
password   sufficient   pam_unix.so remember=8 nullok use_authtok md5 shadow remember=7
password   required     pam_deny.so
#
session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_console.so
[root@oc3716188470 pam.d]#

==================================

How to enable Password Complexity
==================================
Open /etc/pam.d/system-auth and append this line my example say Forces users to use a password with a length of 8 characters, at least 1 lower-case, 1 upper-case, 2 digits and 1 special character.

password required pam_cracklib.so minlen=8 lcredit=-1 ucredit=-1 dcredit=-2 ocredit=-1 difok=4

==================================

How to enable Account Lockout after 3 failed login.
==================================

Open /etc/pam.d/system-auth and append this line.

aauth       required     pam_tally.so onerr=fail no_magic_root

account     required      pam_tally.so deny=3 no_magic_root reset

The options used above are described below:

    onerr=fail

    If something strange happens, such as unable to open the file, this determines how the module should react.

    no_magic_root

    This is used to indicate that if the module is invoked by a user with uid=0, then the counter is incremented. The sys-admin should use this for            daemon-launched services, like telnet/rsh/login.

    deny=3The deny=3 option is used to deny access if tally for this user exceeds 3.

    reset

    The reset option instructs the module to reset count to 0 on successful entry.

=======================

How to enable Password Expiry
=======================

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_MIN_LEN    8
PASS_WARN_AGE   7

Linux User Acccount Security Settings: How to ??

Post a Comment

0 Comments

Labels

Popular Posts

Public key for *.rpm is not installed : How to resolve ??

How to prevent Merge and Commit for particular branch in Git ??

EFI SHELL COMMANDS - Quick Reference

NTP - xntpd configuration in HPUX

Redhat Cluster - Interview Questions and Answers: Part 1

EDITOR PICKS

Public key for *.rpm is not installed : How to resolve ??

How to prevent Merge and Commit for particular branch in Git ??

EFI SHELL COMMANDS - Quick Reference

OPSLIB.COM

Linux User Acccount Security Settings: How to ??

You may like these posts

Post a Comment

0 Comments

Labels

Popular Posts

Social Plugin

EDITOR PICKS

OPSLIB.COM