cp etc/login.defs etc/login.defs.bak`date +%Y%m%d`sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS\t90/g" etc/login.defssed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS\t7/g" etc/login.defssed -i "s/^PASS_WARN_AGE.*/PASS_WARN_AGE\t10/g" etc/login.defsgrep ^PASS_ /etc/login.defs
cp etc/login.defs etc/login.defs.bak`date +%Y%m%d`
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS\t90/g" etc/login.defs
sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS\t7/g" etc/login.defs
sed -i "s/^PASS_WARN_AGE.*/PASS_WARN_AGE\t10/g" etc/login.defs
grep ^PASS_ /etc/login.defs
更多内容请参考:man passwd 、man chage、man login.defs
touch /etc/security/opasswdchown root:root /etc/security/opasswdchmod 600 /etc/security/opasswdcp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak`date +%Y%m%d`sed -i '/password sufficient pam_unix.so/s/$/ remember=5/' /etc/pam.d/system-authsed -i '/pam_pwquality.so/s/$/ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12/' /etc/pam.d/system-authcat /etc/pam.d/system-authcp /etc/pam.d/password-auth /etc/pam.d/password-auth.bak`date +%Y%m%d`sed -i '/password sufficient pam_unix.so/s/$/ remember=5/' /etc/pam.d/password-authsed -i '/pam_pwquality.so/s/$/ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12/' /etc/pam.d/password-authcat /etc/pam.d/password-auth
touch /etc/security/opasswd
chown root:root /etc/security/opasswd
chmod 600 /etc/security/opasswd
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak`date +%Y%m%d`
sed -i '/password sufficient pam_unix.so/s/$/ remember=5/' /etc/pam.d/system-auth
sed -i '/pam_pwquality.so/s/$/ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12/' /etc/pam.d/system-auth
cat /etc/pam.d/system-auth
cp /etc/pam.d/password-auth /etc/pam.d/password-auth.bak`date +%Y%m%d`
sed -i '/password sufficient pam_unix.so/s/$/ remember=5/' /etc/pam.d/password-auth
sed -i '/pam_pwquality.so/s/$/ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12/' /etc/pam.d/password-auth
cat /etc/pam.d/password-auth
更多内容请参考:man pam_pwquality、man pam_unix
sed -i '4aauth required pam_tally2.so deny=5 Onerr=fail unlock_time=300' /etc/pam.d/system-authsed -i '4aauth required pam_tally2.so deny=5 Onerr=fail unlock_time=300' /etc/pam.d/password-authcat /etc/pam.d/system-auth /etc/pam.d/password-auth
sed -i '4aauth required pam_tally2.so deny=5 Onerr=fail unlock_time=300' /etc/pam.d/system-auth
sed -i '4aauth required pam_tally2.so deny=5 Onerr=fail unlock_time=300' /etc/pam.d/password-auth
cat /etc/pam.d/system-auth /etc/pam.d/password-auth
更多内容请参考:man pam_tally2