1. 보안 설치하기 libpam-pwquailty
- $ apt-get install libpam-pwquality
- 수정하기
-- $ vi /etc/login.defs
-- PASS_MAX_DAYS 30
-- PASS_MIN_DAYS 2
-- PASS_WARN_AGE 7
- 현재 패스워드 정책 수정
-- $ chage -M 30 -m 2 -W 7 kyoulee
-- $ chage -M 30 -m 2 -W 7 root
- 패스워드 설정
-- $ vi /etc/security/pwquallty.conf
-- 수정
더보기
# Configuration for systemwide password quality limits
# Defaults:
#
# Number of characters in the new password that must not be present in the
# old password.
difok = 7
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
minlen = 10
#
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
dcredit = -1
#
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
ucredit = -1
#
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
# lcredit = 0
#
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
# ocredit = 0
#
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
#
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
maxrepeat = 3
#
# The maximum number of allowed consecutive characters of the same class in the
# new password.
# The check is disabled if the value is 0.
# maxclassrepeat = 0
#
# Whether to check for the words from the passwd entry GECOS string of the user.
# The check is enabled if the value is not 0.
gecoscheck = 1
#
# Whether to check for the words from the cracklib dictionary.
# The check is enabled if the value is not 0.
# dictcheck = 1
#
# Whether to check if it contains the user name in some form.
# The check is enabled if the value is not 0.
usercheck = 1
#
# Length of substrings from the username to check for in the password
# The check is enabled if the value is greater than 0 and usercheck is enabled.
# usersubstr = 0
#
# Whether the check is enforced by the PAM module and possibly other
# applications.
# The new password is rejected if it fails the check and the value is not 0.
# enforcing = 1
#
# Path to the cracklib dictionaries. Default is to use the cracklib default.
# dictpath =
#
# Prompt user at most N times before returning with error. The default is 1.
# retry = 3
#
# Enforces pwquality checks on the root user password.
# Enabled if the option is present.
enforce_for_root
#
# Skip testing the password quality for users that are not present in the
# /etc/passwd file.
# Enabled if the option is present.
# local_users_only- 패스워드 바꾸기
-- $passwd kyoulee
-- 비번~
- 수도 옵션주기
-- apt-get install sudo
- sudo adduser kyoulee sudo
- sudo groupadd user42
- sudo adduser kyoulee sudo
'서울42 > born2beroot' 카테고리의 다른 글
| 6. 42seoul Born2beroot web 설정하기 (0) | 2022.04.18 |
|---|---|
| 5. 42seoul Born2beroot snapshot (0) | 2022.04.18 |
| 4. 42seoul Born2beroot monitoring (0) | 2022.04.18 |
| 2. 42seoul Born2beroot ssh 만들기 (0) | 2022.04.18 |
| 1. 42seoul Born2beroot 파티션 (byte)까지 맞추기 (0) | 2022.04.18 |
Or71nH