Server World

Ubuntu 20.04

Set Password Rules


2020/09/07
Set password rules with the [pam_pwquality] module.

[1] Install the password quality checking library.
root@dlp:~# apt -y install libpam-pwquality

[2] Set the number of days until a password expires.
Users must change their password within this number of days.
This setting applies only when a user is created; it does not affect existing users.
To set it for an existing user, run the command [chage -M (days) (user)].
root@dlp:~# vi /etc/login.defs

# line 160: set password expiration days (example below means 60 days)
PASS_MAX_DAYS 60

[3] Set the minimum number of days before a password can be changed again.
Users must keep their password for at least this many days after changing it.
This setting applies only when a user is created; it does not affect existing users.
To set it for an existing user, run the command [chage -m (days) (user)].
root@dlp:~# vi /etc/login.defs

# line 161: minimum number of days before the next change (example below means 1 day)
PASS_MIN_DAYS 1

[4] Set the number of days of warning before a password expires.
This setting applies only when a user is created; it does not affect existing users.
To set it for an existing user, run the command [chage -W (days) (user)].
root@dlp:~# vi /etc/login.defs

# line 162: set number of days for warnings (example below means 7 days)
PASS_WARN_AGE 7

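Because steps [2] to [4] affect only newly created users, existing accounts keep their old aging values until [chage] is run for them. The script below is an added example (not part of the original page) that lists such accounts; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose password aging differs from the
# PASS_* values in login.defs. Paths are arguments so it can run on copies.

# Print the value of KEY ($1) from a login.defs-style file ($2); last entry wins.
login_def() {
    awk -v k="$1" '$1 == k { v = $2 } END { if (v != "") print v }' "$2"
}

# Print "user max min warn" for accounts in shadow file $1 that have a usable
# password but whose aging fields differ from max=$2 min=$3 warn=$4.
# shadow fields: 1=name 2=hash 3=lastchg 4=min 5=max 6=warn
aging_mismatches() {
    awk -F: -v max="$2" -v min="$3" -v warn="$4" '
        $2 == "" || $2 ~ /^[!*]/ { next }   # skip locked or passwordless accounts
        $5 != max || $4 != min || $6 != warn {
            print $1, ($5 == "" ? "-" : $5), ($4 == "" ? "-" : $4), ($6 == "" ? "-" : $6)
        }' "$1"
}

# Constructed sample files; the hash strings are placeholders, not real hashes.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'PASS_MAX_DAYS 60' \
        'PASS_MIN_DAYS 1' 'PASS_WARN_AGE 7' > "$d/login.defs"
    printf '%s\n' \
        'root:!:18512:0:99999:7:::' \
        'ubuntu:$6$placeholder$hash:18500:0:99999:7:::' \
        'newuser:$6$placeholder$hash:18512:1:60:7:::' > "$d/shadow"
    aging_mismatches "$d/shadow" \
        "$(login_def PASS_MAX_DAYS "$d/login.defs")" \
        "$(login_def PASS_MIN_DAYS "$d/login.defs")" \
        "$(login_def PASS_WARN_AGE "$d/login.defs")"
    rm -rf "$d"
}
demo   # prints: ubuntu 99999 0 7
```

On a real host, run aging_mismatches as root against /etc/shadow with the values read from /etc/login.defs, then fix each listed user with the [chage -M], [chage -m] and [chage -W] commands from steps [2] to [4].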
[5] Restrict reuse of passwords that were used in the past.
Users cannot set a password that was used within this number of generations.
root@dlp:~# vi /etc/pam.d/common-password

# line 26: add [remember=*] (example below means 5 generations)
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 remember=5

[6] Set the minimum password length.
Users cannot set a password shorter than this value.
root@dlp:~# vi /etc/security/pwquality.conf

# line 11: uncomment and set minimum length (example below means 8 char)
minlen = 8

[7] Set the minimum number of required character classes for the new password.
(kinds ⇒ UpperCase / LowerCase / Digits / Others)
root@dlp:~# vi /etc/security/pwquality.conf

# line 34: uncomment and set parameter (example below means 2 kinds)
minclass = 2

[8] Set the maximum number of allowed consecutive identical characters in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 38: uncomment and set parameter (example below means 2 char)
maxrepeat = 2

[9] Set the maximum number of allowed consecutive characters of the same class in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 43: uncomment and set parameter (example below means 4 char)
maxclassrepeat = 4

[10] Require at least one lowercase character in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 25: uncomment and set parameter (example below means 1 char)
lcredit = -1

[11] Require at least one uppercase character in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 20: uncomment and set parameter (example below means 1 char)
ucredit = -1

[12] Require at least one digit in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 15: uncomment and set parameter (example below means 1 char)
dcredit = -1

[13] Require at least one other character in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 30: uncomment and set parameter (example below means 1 char)
ocredit = -1

[14] Set the maximum length of monotonic character sequences in the new password.
(ex ⇒ '12345', 'fedcb')
root@dlp:~# vi /etc/security/pwquality.conf

# add to the end (example below means 2 characters are allowed but more than 3 characters are not allowed)
maxsequence = 2

[15] Set the number of characters in the new password that must not be present in the old password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 6: uncomment and set parameter (example below means 5 char)
difok = 5

[16] Check whether words longer than 3 characters from the GECOS field of the user's passwd entry are contained in the new password.
root@dlp:~# vi /etc/security/pwquality.conf

# line 47: uncomment and change to enabled
gecoscheck = 1

[17] Set a space-separated list of words that must not be contained in the password.
root@dlp:~# vi /etc/security/pwquality.conf

# add to the end
badwords = denywords1 denywords2 denywords3
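
Steps [6] to [16] rely on each line being uncommented and on the credit values being negative. The check below is an added example (not part of the original page) that compares a pwquality.conf against the values used in those steps; the function names and sample file are constructed, and [badwords] is left out because its value is site-specific.

```shell
#!/bin/sh
# Added example: audit a pwquality.conf against the values from steps [6]-[16].

# Print the effective value of KEY ($1) in the file ($2). Commented-out
# lines are ignored, so a leftover "# minlen = 8" counts as unset.
pwq_get() {
    awk -F= -v k="$1" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); found = 1 }
        END { if (found) print v }' "$2"
}

# Print one line per setting in file $1 that is unset or differs from the page.
pwq_audit() {
    for want in minlen=8 minclass=2 maxrepeat=2 maxclassrepeat=4 \
                lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 \
                maxsequence=2 difok=5 gecoscheck=1; do
        key=${want%%=*}; exp=${want#*=}
        got=$(pwq_get "$key" "$1")
        [ "$got" = "$exp" ] || echo "$key: expected $exp, found ${got:-unset}"
    done
}

# Constructed sample with two typical mistakes: minlen left commented out,
# and dcredit = 1, which is a length credit rather than a required digit.
demo_pwq() {
    f=$(mktemp)
    printf '%s\n' '# minlen = 8' 'minclass = 2' 'maxrepeat = 2' \
        'maxclassrepeat = 4' 'lcredit = -1' 'ucredit = -1' 'dcredit = 1' \
        'ocredit = -1' 'maxsequence = 2' 'difok = 5' 'gecoscheck = 1' > "$f"
    pwq_audit "$f"
    rm -f "$f"
}
demo_pwq
```

Run pwq_audit /etc/security/pwquality.conf after editing; no output means every setting matches the values on this page.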


Copyright © 2007- 2020 Server World All Rights Reserved.    