Step 1: 备份etc目录配制

tar -zcvf etc_$(date +%F).tar.gz /etc/

Step 2: 修改/etc/pam.d目录中的system-auto文件为指定的参数

cat >> /etc/pam.d/system-auth <<EOF
### $(date +%F) added ###
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= minlen=8 lcredit=-1 ucredit=-1 dcredit=-4 ocredit=-1 enforce_for_root
EOF

cat >> /etc/pam.d/login <<EOF
### $(date +%F) added ###
auth     required       pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300
auth     required       pam_env.so
auth     required       pam_unix.so
auth     required       pam_nologin.so
account  required       pam_unix.so
password required       pam_unix.so
session  required       pam_limits.so
session  required       pam_unix.so
session  required       pam_lastlog.so nowtmp
session  optional       pam_mail.so standard
EOF

Step 4: 查看配制文件

cat /etc/pam.d/system-auth

cat /etc/pam.d/login

Step 4: 验证配制结果

修改用户密码

预期结果: 密码需要满足复杂性要求,否则无法设置或修改用户密码 * passwd root

* password OTHER-USER

从显示器或远程(KVM/CONSOLE)控制台登录

预期结果: 使用root用户从LOCAL登录,尝试失败超过5次之后root用户锁定, 并在5分钟之后自动恢复为可登录状态.

-  ⇤ ← Revision 10 as of 2022-11-16 09:53:40 → 
  Size: 1437
  Editor: localhost
  Comment:
+   ← Revision 11 as of 2022-11-16 09:54:52 → ⇥
  Size: 1546
  Editor: localhost
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 48:
+预期结果: 密码需要满足复杂性要求,否则无法设置或修改用户密码
-Line 49:
+Line 50:
-Line 50:
+Line 52:
-Line 51:
+Line 55:
-使用root用户从LOCAL登录,尝试失败超过5次之后root用户锁定, 并在5分钟之后自动恢复为可登录状态.
+预期结果: 使用root用户从LOCAL登录,尝试失败超过5次之后root用户锁定, 并在5分钟之后自动恢复为可登录状态.

Diff for "désert/workarea/2022-11-16"