Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial?
Thanks in advance Regards Israel
I'm running RHEL 4.6 and am using the features you are looking to implement. PAM is the direction to look. I have included my /etc/pam.d/system-auth file as example:
#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so # The following was added on 12-Apr-06 to count failed password and "su" attempts auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root # End of changes auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so # The following was added on 12-Apr-06 to count failed password and "su" attempts account required /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset # End of changes account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so
#password requisite /lib/security/$ISA/pam_cracklib.so retry=3 #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Changed to 15 character length password password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Remember the last 15 passwords password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=15 password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so ~
I haven't dealt with this for a while so there my be other changes required. This should be a start for a search with your favorite search engine.
On Feb 4, 2008 7:56 AM, israel.garcia@cimex.com.cu wrote:
Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial?
Thanks in advance Regards Israel _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
israel.garcia@cimex.com.cu -
Mark Van Bogart