israel.garcia at cimex.com.cu
2008-Feb-04 13:56 UTC
[CentOS] Strong security in user's accounts and passwords..

Hi,

I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strengthen the security on my server in users' accounts and passwords. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which does this work? Any tutorial?

Thanks in advance
Regards
Israel

Mark Van Bogart
2008-Feb-04 14:13 UTC
[CentOS] Strong security in user's accounts and passwords..

I'm running RHEL 4.6 and am using the features you are looking to implement. PAM is the direction to look. I have included my /etc/pam.d/system-auth file as an example:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so
    # The following was added on 12-Apr-06 to count failed password and "su" attempts
    auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
    # End of changes
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    auth        required      /lib/security/$ISA/pam_deny.so

    account     required      /lib/security/$ISA/pam_unix.so
    # The following was added on 12-Apr-06 to count failed password and "su" attempts
    account     required      /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset
    # End of changes
    account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account     required      /lib/security/$ISA/pam_permit.so

    #password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
    #password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
    # Changed to 15 character length password
    password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
    # Remember the last 15 passwords
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=15
    password    required      /lib/security/$ISA/pam_deny.so

    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so

I haven't dealt with this for a while so there may be other changes required. This should be a start for a search with your favorite search engine.

On Feb 4, 2008 7:56 AM, <israel.garcia at cimex.com.cu> wrote:
> Hi, I have some databases running on CentOS4 with users accessing the
> shell (bash), so I'd like to strong the security on my server in user's
> accounts and passwords.. I mean, enforcing strong passwords, min/max age
> passwords, locking passwords when you fail 3 times, and all this stuff.
> Is there any package which do this work? Any tutorial?
>
> Thanks in advance
> Regards
> Israel
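
An audit helper for the kind of system-auth file posted above, added here as an example and not part of either message: it reads only the active (uncommented) rules and reports the lockout threshold, the pam_cracklib length and character-class requirements, the password history depth, and whether nullok is set. The function names and the abridged sample text are constructed for illustration.

```python
# Constructed sample, abridged from the system-auth file posted above.
SAMPLE = """\
#%PAM-1.0
auth     required   /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth     sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
account  required   /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset
#password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password requisite  /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=15
"""

def parse_pam(text):
    """Return active rules as (type, control, module, options) tuples.
    Assumes one-word control flags, as in the posted file (no [..] syntax)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                      # blank, malformed or commented out: not enforced
        kind, control, path, *args = fields
        opts = {}
        for arg in args:
            key, _, value = arg.partition("=")
            opts[key] = value or True
        rules.append((kind, control, path.rsplit("/", 1)[-1], opts))
    return rules

def summarize(rules):
    """Collect the lockout and password-policy settings the active rules enforce."""
    out = {"deny": None, "tally_in_auth": False, "minlen": None,
           "required": {}, "remember": None, "nullok": False}
    for kind, _control, module, opts in rules:
        if module == "pam_tally.so":
            out["tally_in_auth"] |= kind == "auth"   # auth phase counts failures
            if "deny" in opts:
                out["deny"] = int(opts["deny"])
        elif module == "pam_cracklib.so" and kind == "password":
            out["minlen"] = int(opts.get("minlen", 0)) or None
            for key in ("ucredit", "lcredit", "dcredit", "ocredit"):
                if int(opts.get(key, 0)) < 0:        # negative credit = minimum count
                    out["required"][key] = -int(opts[key])
        elif module == "pam_unix.so":
            if kind == "password" and "remember" in opts:
                out["remember"] = int(opts["remember"])
            out["nullok"] |= "nullok" in opts        # empty passwords accepted
    return out

if __name__ == "__main__":
    print(summarize(parse_pam(SAMPLE)))
```

To check a live system, pass the contents of /etc/pam.d/system-auth to parse_pam() instead of SAMPLE.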