Hi Mark, and thanks for your quick answer. I found this excellent guide on the internet: http://www.puschitz.com/SecuringLinux.shtml. Here I could find all I was looking for about securing my database server running on CentOS.
Regards Israel,
I'm running RHEL 4.6 and am using the features you are looking to implement. PAM is the direction to look. I have included my /etc/pam.d/system-auth file as an example:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so
    # The following was added on 12-Apr-06 to count failed password and "su" attempts
    auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
    # End of changes
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    auth        required      /lib/security/$ISA/pam_deny.so

    account     required      /lib/security/$ISA/pam_unix.so
    # The following was added on 12-Apr-06 to count failed password and "su" attempts
    account     required      /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset
    # End of changes
    account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account     required      /lib/security/$ISA/pam_permit.so

    #password   requisite     /lib/security/$ISA/pam_cracklib.so retry=3
    #password   requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
    # Changed to 15 character length password
    password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3
    # Remember the last 15 passwords
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=15
    password    required      /lib/security/$ISA/pam_deny.so

    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so

I haven't dealt with this for a while, so there may be other changes required. This should be a start for a search with your favorite search engine.