cp etc/login.defs etc/login.defs.bak`date +%Y%m%d`
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS\t90/g" etc/login.defs
sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS\t7/g" etc/login.defs
sed -i "s/^PASS_WARN_AGE.*/PASS_WARN_AGE\t10/g" etc/login.defs
grep ^PASS_ /etc/login.defs

touch /etc/security/opasswd
chown root:root /etc/security/opasswd
chmod 600 /etc/security/opasswd
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak`date +%Y%m%d`
sed -i '/password sufficient pam_unix.so/s/$/ remember=5/' /etc/pam.d/system-auth
sed -i '/pam_pwquality.so/s/$/ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12/' /etc/pam.d/system-auth
cat /etc/pam.d/system-auth
cp /etc/pam.d/password-auth /etc/pam.d/password-auth.bak`date +%Y%m%d`
sed -i '/password sufficient pam_unix.so/s/$/ remember=5/' /etc/pam.d/password-auth
sed -i '/pam_pwquality.so/s/$/ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12/' /etc/pam.d/password-auth
cat /etc/pam.d/password-auth

sed -i '4aauth required pam_tally2.so deny=5 Onerr=fail unlock_time=300' /etc/pam.d/system-auth
sed -i '4aauth required pam_tally2.so deny=5 Onerr=fail unlock_time=300' /etc/pam.d/password-auth
cat /etc/pam.d/system-auth /etc/pam.d/password-auth