israel.garcia at cimex.com.cu
2008-Feb-04 16:46 UTC
[CentOS] RE: Strong security in user's accounts and passwords..[SOLVE]
Hi Mark, and thanks for your quick answer. I found this excellent guide on the internet: http://www.puschitz.com/SecuringLinux.shtml ... here I could find all I was looking for about securing my database server running on CentOS.

Regards
Israel

>I'm running RHEL 4.6 and am using the features you are looking to
>implement. PAM is the direction to look. I have included my
>/etc/pam.d/system-auth file as example:
>
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth        required      /lib/security/$ISA/pam_env.so
># The following was added on 12-Apr-06 to count failed password and "su" attempts
>auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
># End of changes
>auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
>auth        required      /lib/security/$ISA/pam_deny.so
>
>account     required      /lib/security/$ISA/pam_unix.so
># The following was added on 12-Apr-06 to count failed password and "su" attempts
>account     required      /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset
># End of changes
>account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
>account     required      /lib/security/$ISA/pam_permit.so
>
>#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
>#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
># Changed to 15 character length password
>password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
># Remember the last 15 passwords
>password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=15
>password    required      /lib/security/$ISA/pam_deny.so
>
>session     required      /lib/security/$ISA/pam_limits.so
>session     required      /lib/security/$ISA/pam_unix.so
>
>I haven't dealt with this for a while so there may be other changes
>required. This should be a start for a search with your favorite
>search engine.
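The lockout and password policy in the quoted system-auth file can be read back out with a short script. This is an added example, not part of the original post: the function names are hypothetical, the sample is constructed from the active lines of that file, and the parser assumes the simple `type control module args` line form used there (no bracketed controls).

```python
# Constructed sample: the policy-relevant active lines of the quoted file.
SYSTEM_AUTH = """\
auth     required   /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth     sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
account  required   /lib/security/$ISA/pam_unix.so
account  required   /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset
#password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password requisite  /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=15
"""

def parse_stack(text):
    """Return (type, control, module, {option: value}) for each active line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out rules
        kind, control, path, *args = line.split()
        opts = dict(a.partition("=")[::2] for a in args)  # flags map to ""
        entries.append((kind, control, path.rsplit("/", 1)[-1], opts))
    return entries

def audit(text):
    """Summarise the effective policy and list settings worth a second look."""
    policy, findings = {}, []
    for kind, control, module, opts in parse_stack(text):
        if module == "pam_tally.so" and "deny" in opts:
            policy["lockout_after"] = int(opts["deny"])
        elif module == "pam_cracklib.so":
            if "minlen" in opts:
                policy["minlen"] = int(opts["minlen"])
            # A negative credit -N means "at least N characters of this class".
            for cls in ("ucredit", "lcredit", "dcredit", "ocredit"):
                n = int(opts.get(cls, 1))
                policy["min_" + cls[0]] = -n if n < 0 else 0
        elif module == "pam_unix.so":
            if kind == "password":
                policy["remember"] = int(opts.get("remember", 0))
            if "nullok" in opts:
                findings.append(f"{kind}: pam_unix nullok accepts empty passwords")
    if "lockout_after" not in policy:
        findings.append("pam_tally has no deny= limit: failures are counted, not locked")
    return policy, findings

if __name__ == "__main__":
    print(audit(SYSTEM_AUTH))
```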