Linux 密码策略配置
环境：CentOS 7.9
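#!/bin/bash
# Apply a local password policy on CentOS 7:
#   - password history (pam_unix remember=)
#   - complexity and minimum length (pam_cracklib)
#   - maximum password age (/etc/login.defs)
#
# Needs write access to /etc/pam.d/system-auth and /etc/login.defs (root).
# Keep a second root session open while testing: a broken PAM password
# stack can block every password change on the host.
set -euo pipefail

# Maximum password age in days.
outDay=90
# Number of previous passwords that may not be reused.
remember=5
# For the *credit options a negative value -N means "at least N characters
# of that class are required".
# At least one upper-case letter.
ucredit=-1
# At least two lower-case letters.
lcredit=-2
# At least one digit.
dcredit=-1
# At least one punctuation / other character.
ocredit=-1

pam_file=/etc/pam.d/system-auth
login_defs=/etc/login.defs

# NOTE(review): on CentOS 7 system-auth is normally a symlink to
# system-auth-ac. sed -i without --follow-symlinks would replace the link
# with a regular file, so the link is followed here. authconfig may
# regenerate system-auth-ac and drop these edits — confirm how the host
# manages its PAM files.

#######################################
# Replace an existing "password" rule in $pam_file, or add it where it can
# still take effect.
# Arguments:
#   $1 - ERE matching the start of the rule to replace
#   $2 - full replacement rule (must not contain '/' or '&')
#   $3 - ERE matching the rule the new line must be placed in front of
# Behaviour:
#   rule present    -> rewritten in place
#   anchor present  -> new rule inserted before the first anchor line
#   neither present -> rule appended (original fallback)
#######################################
set_password_rule() {
  local match=$1 rule=$2 anchor=$3
  if grep -Eq -- "$match" "$pam_file"; then
    sed -i --follow-symlinks -E "s/${match}.*/${rule}/" "$pam_file"
  elif grep -Eq -- "$anchor" "$pam_file"; then
    # GNU sed: the 0,/re/ range limits the edit to the first matching line.
    sed -i --follow-symlinks -E "0,/${anchor}/s/${anchor}/${rule}\n&/" "$pam_file"
  else
    printf '%s\n' "$rule" >>"$pam_file"
  fi
}

# PAM files are column-aligned, so fields are separated by runs of blanks;
# the patterns accept any amount of whitespace instead of a single space.
unix_match='^password[[:space:]]+sufficient[[:space:]]+pam_unix\.so'
cracklib_match='^password[[:space:]]+requisite[[:space:]]+pam_cracklib\.so'
deny_match='^password[[:space:]]+required[[:space:]]+pam_deny\.so'

# Password history: refuse the last $remember passwords.
# A rule appended after "password required pam_deny.so" cannot make the
# stack succeed, so a missing pam_unix rule is inserted in front of it.
# nullok is carried over from the original rule.
# NOTE(review): drop nullok if accounts with empty passwords must be refused.
set_password_rule "$unix_match" \
  "password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=${remember}" \
  "$deny_match"

# Complexity and minimum length. The check has to run before the
# "sufficient pam_unix.so" rule, which ends the stack on success, so a
# missing rule is inserted in front of pam_unix instead of at end of file.
# NOTE(review): stock CentOS 7 usually ships pam_pwquality.so rather than
# pam_cracklib.so — confirm which module the host uses before running both.
set_password_rule "$cracklib_match" \
  "password requisite pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=${ucredit} lcredit=${lcredit} dcredit=${dcredit} ocredit=${ocredit}" \
  "$unix_match"

# Maximum password age. Only an active (uncommented) setting counts as
# present; login.defs also mentions PASS_MAX_DAYS in its comments.
# PASS_MAX_DAYS is applied when accounts are created; existing accounts keep
# their current maximum age until it is changed per user (chage -M).
if grep -Eq '^PASS_MAX_DAYS([[:space:]]|$)' "$login_defs"; then
  sed -i --follow-symlinks -E \
    "s/^PASS_MAX_DAYS([[:space:]].*)?\$/PASS_MAX_DAYS ${outDay}/" "$login_defs"
else
  # The value must be written together with the key.
  printf 'PASS_MAX_DAYS %s\n' "$outDay" >>"$login_defs"
fi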