Script to enforce password authentication policy

Alex_hunt

Mar 27, 2012, 2:28:07 AM
to RedHat.hclcdc.janakpuri
Dear All

I want a script for enforcing password authentication on Linux
systems.

Password Requirements:

Min password length =6

Max password length =8

PASS_MAX_DAYS 45

PASS_MIN_DAYS 7

PASS_WARN_AGE 10

Account should be locked out for 5 min after 5 unsuccessful attempts

Password must contain an uppercase letter and a digit.

Script should be such that authentication should apply on all users on
the system as there are multiple users using the same machine.

I had found something relevant to this, please have a look

/usr/bin/chage -m 7 -M 45 -W 10 username

# to enforce password complexity
# (a negative credit makes that character class mandatory, as the
# uppercase-letter and digit requirement needs)
echo "password requisite /lib/security/pam_cracklib.so retry=3 minlen=6 lcredit=1 ucredit=-1 dcredit=-1 ocredit=0" >> /etc/pam.d/system-auth

# Password History

touch /etc/security/opasswd

chown root:root /etc/security/opasswd

chmod 600 /etc/security/opasswd

# to stop using last 15 password
echo "password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow remember=15" >> /etc/pam.d/system-auth

# Account Lockout

touch /var/log/faillog

chown root:root /var/log/faillog

chmod 600 /var/log/faillog

# lock after 5 failures, unlock after 300 seconds
echo "auth required /lib/security/pam_tally.so onerr=fail deny=5 unlock_time=300" >> /etc/pam.d/system-auth

echo "account required /lib/security/pam_tally.so" >> /etc/pam.d/system-auth

The problem is how to fetch all users whose UID is greater than 500
and put them in the chage command
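
An added example, not part of the original post: one way to select every account with a UID greater than 500 from the passwd file and run the post's chage command on each. The names list_users, apply_aging, PASSWD_FILE, CHAGE and DRY_RUN, the --apply argument and the exclusion of UID 65534 are assumptions made for this sketch.

```shell
#!/bin/sh
# Apply the aging values from the post (-m 7 -M 45 -W 10) to every
# account whose UID is greater than 500.

MIN_UID=500                                # threshold from the post (UID > 500)
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}    # overridable for testing (assumption)
CHAGE=${CHAGE:-/usr/bin/chage}

# Print login names with UID > MIN_UID, one per line.
# passwd fields: name:passwd:UID:GID:gecos:home:shell
list_users() {
    awk -F: -v min="$MIN_UID" '
        /^[#+-]/ || NF < 7 { next }   # skip comments, NIS entries, short lines
        $3 !~ /^[0-9]+$/   { next }   # UID field must be numeric
        # 65534 is the nobody/nfsnobody account on many systems (assumed exclusion)
        ($3 + 0) > (min + 0) && $3 != 65534 { print $1 }
    ' "$PASSWD_FILE"
}

# Run chage for each selected user. With DRY_RUN=1 the commands are only
# printed, so the list can be reviewed before anything is changed.
apply_aging() {
    rc=0
    for user in $(list_users); do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$CHAGE -m 7 -M 45 -W 10 $user"
        else
            "$CHAGE" -m 7 -M 45 -W 10 "$user" || {
                echo "chage failed for $user" >&2
                rc=1
            }
        fi
    done
    return $rc
}

# Only act when explicitly asked to, e.g.:  DRY_RUN=1 sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_aging
fi
```

chage changes only existing accounts; the PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE values in /etc/login.defs are what accounts created later pick up.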