密码策略之禁止使用旧密码
sudo vim /etc/pam.d/common-password #找到 password required pam_unix.so模块添加 #表示禁止使用最近使用过的五个密码
password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5
查看模块有什么配置
ubuntu的模块存放在/lib/x86_64-linux-gnu/security 查看有什么内容 man pam_cracklib
ubuntu设置密码复杂度(所有用户)
apt-get install libpam-cracklib
password requsite pam_cracklib.so retry=3 minlen=8 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 enforce_for_root
#模块解释
pam_tally2 This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attemptsfail
pam_faillock 模块是进阶版
pam_cracklib This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for password
一分钟内仅允许 5 次登录失败的尝试,超过 5次,登录帐号锁定 1 分钟。(所有用户)
cd /etc/pam.d
vim login
auth optional pam_faillock.so deny=5 unlock_time=60 even_deny_root root_unlock_time=60
#lock_time 代表一次失败封多长时间
#unlock_time代表几次失败封多长时间
标签:系统安全,time,so,模块,ubuntu,加固,password,pam From: https://www.cnblogs.com/lisenMiller/p/17283543.html