Linux 密码策略配置
环境 Centos 7.9
- #!/bin/bash
-
-
- outDay=90
-
- remember=5
-
-
- ucredit=-1
-
- lcredit=-2
-
- dcredit=-1
-
- ocredit=-1
-
-
-
-
- comm=$(cat /etc/pam.d/system-auth |grep "password sufficient pamunix.so" |wc -l)
- if [ $comm -gt 0 ]
- then
- sed -i s/^'password sufficient pamunix.so'.*$/'password sufficient pamunix.so sha512 shadow nullok tryfirstpass useauthtok remember='$remember/g /etc/pam.d/system-auth
- else
- echo "password sufficient pamunix.so sha512 shadow nullok tryfirstpass useauthtok remember=$remember" >> /etc/pam.d/system-auth
- fi
-
-
- comm=$(cat /etc/pam.d/system-auth |grep "password requisite pam_cracklib.so" |wc -l)
- if [ $comm -gt 0 ]
- then
- sed -i s/^'password requisite pam_cracklib.so'.*$/'password requisite pam_cracklib.so retry=3 difok=3 minlen=10 ucredit='$ucredit' lcredit='$lcredit' dcredit='$dcredit' ocredit='$ocredit''/g /etc/pam.d/system-auth
- else
- echo "password requisite pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=$ucredit lcredit=$lcredit dcredit=$dcredit ocredit=$ocredit" >> /etc/pam.d/system-auth
- fi
-
-
- comm=$(cat /etc/login.defs |grep "PASS_MAX_DAYS" |wc -l)
- if [ $comm -gt 0 ]
- then
- sed -i s/^'PASS_MAX_DAYS'.*$/'PASS_MAX_DAYS '$outDay''/g /etc/login.defs
- else
- echo "PASS_MAX_DAYS" >> /etc/login.defs
- fi
-