thr3ads.net - CentOS - [CentOS] Strong security in user's accounts and paswords.. [Feb 2008]

If this information is useful, please help other people find it:
Share via:

israel.garcia at cimex.com.cu

2008-Feb-04 13:56 UTC

[CentOS] Strong security in user's accounts and paswords..

Hi, I have some databases running on CentOS4 with users accessing the
shell (bash), so I'd like to strong the security on my server in user's
accounts and passwords.. I mean, enforcing strong passwords, min/max age
passwords, locking passwords when you fail 3 times, and all this stuff.
Is there any package which do this work? Any tutorial?

Thanks in advance
Regards
Israel

Mark Van Bogart

2008-Feb-04 14:13 UTC

head link

[CentOS] Strong security in user's accounts and paswords..

I'm running RHEL 4.6 and am using the features you are looking to
implement.  PAM is the direction to look.   I have included my
/etc/pam.d/system-auth file as example:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
#       The following was added on 12-Apr-06 to count failed password
and "su" attempts
auth    required        /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
#       End of changes
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
#       The following was added on 12-Apr-06 to count failed password
and "su" attempts
account     required      /lib/security/$ISA/pam_tally.so per_user
deny=3 no_magic_root reset
#       End of changes
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account     required      /lib/security/$ISA/pam_permit.so

#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
#  Changed to 15 character length password
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
# Remember the last 15 passwords
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow remember=15
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
~

I haven't dealt with this for a while so there my be other changes
required.  This should be a start for a search with your favorite
search engine.

On Feb 4, 2008 7:56 AM,  <israel.garcia at cimex.com.cu>
wrote:> Hi, I have some databases running on CentOS4 with users accessing the
> shell (bash), so I'd like to strong the security on my server in
user's
> accounts and passwords.. I mean, enforcing strong passwords, min/max age
> passwords, locking passwords when you fail 3 times, and all this stuff.
> Is there any package which do this work? Any tutorial?
>
> Thanks in advance
> Regards
> Israel
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Seemingly Similar Threads

Search for more possibly parallel threads

CentOS - Feb 2008 - Strong security in user's accounts and paswords..

[CentOS] Strong security in user's accounts and paswords..

[CentOS] Strong security in user's accounts and paswords..

Seemingly Similar Threads