如何在Linux上设置密码策略 linux如何设置密码规则
\u5982\u4f55\u5728 Linux \u4e0a\u8bbe\u7f6e\u5bc6\u7801\u7b56\u7565\u7528\u6237\u5e10\u53f7\u7ba1\u7406\u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u6700\u91cd\u8981\u7684\u5de5\u4f5c\u4e4b\u4e00\u3002\u800c\u5bc6\u7801\u5b89\u5168\u662f\u7cfb\u7edf\u5b89\u5168\u4e2d\u6700\u53d7\u5173\u6ce8\u7684\u4e00\u5757\u3002\u5728\u672c\u6559\u7a0b\u4e2d\uff0c\u6211\u5c06\u4e3a\u5927\u5bb6\u4ecb\u7ecd\u5982\u4f55\u5728 Linux \u4e0a\u8bbe\u7f6e\u5bc6\u7801\u7b56\u7565\u3002
\u3000\u3000\u5047\u8bbe\u4f60\u5df2\u7ecf\u5728\u4f60\u7684 Linux \u7cfb\u7edf\u4e0a\u4f7f\u7528\u4e86 PAM (Pluggable Authentication Modules\uff0c\u63d2\u5165\u5f0f\u9a8c\u8bc1\u6a21\u5757)\uff0c\u8fd9\u4e9b\u5e74\u51e0\u4e4e\u6240\u6709\u7684 Linux \u53d1\u884c\u7248\u90fd\u5728\u4f7f\u7528\u5b83\u3002
\u3000\u3000\u51c6\u5907\u5de5\u4f5c
\u3000\u3000\u5b89\u88c5 PAM \u7684 cracklib \u6a21\u5757\uff0ccracklib \u80fd\u63d0\u4f9b\u989d\u5916\u7684\u5bc6\u7801\u68c0\u67e5\u80fd\u529b\u3002
\u3000\u3000Debian\u3001Ubuntu \u6216 Linux Mint \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo apt-get install libpam-cracklib
\u3000\u3000CentOS\u3001Fedora\u3001RHEL \u7cfb\u7edf\u5df2\u7ecf\u9ed8\u8ba4\u5b89\u88c5\u4e86 cracklib PAM \u6a21\u5757\uff0c\u6240\u4ee5\u5728\u8fd9\u4e9b\u7cfb\u7edf\u4e0a\u65e0\u9700\u6267\u884c\u4e0a\u9762\u7684\u64cd\u4f5c\u3002
\u3000\u3000\u4e3a\u4e86\u5f3a\u5236\u5b9e\u65bd\u5bc6\u7801\u7b56\u7565\uff0c\u6211\u4eec\u9700\u8981\u4fee\u6539 /etc/pam.d \u76ee\u5f55\u4e0b\u7684 PAM \u914d\u7f6e\u6587\u4ef6\u3002\u4e00\u65e6\u4fee\u6539\uff0c\u7b56\u7565\u4f1a\u9a6c\u4e0a\u751f\u6548\u3002
\u3000\u3000\u6ce8\u610f\uff1a\u6b64\u6559\u7a0b\u4e2d\u7684\u5bc6\u7801\u7b56\u7565\u53ea\u5bf9\u975e root \u7528\u6237\u6709\u6548\uff0c\u5bf9 root \u7528\u6237\u65e0\u6548\u3002
\u3000\u3000\u7981\u6b62\u4f7f\u7528\u65e7\u5bc6\u7801
\u3000\u3000\u627e\u5230\u540c\u65f6\u6709 \u201cpassword\u201d \u548c \u201cpam_unix.so\u201d \u5b57\u6bb5\u5e76\u4e14\u9644\u52a0\u6709 \u201cremember=5\u201d \u7684\u90a3\u884c\uff0c\u5b83\u8868\u793a\u7981\u6b62\u4f7f\u7528\u6700\u8fd1\u7528\u8fc7\u76845\u4e2a\u5bc6\u7801(\u5df1\u4f7f\u7528\u8fc7\u7684\u5bc6\u7801\u4f1a\u88ab\u4fdd\u5b58\u5728 /etc/security/opasswd \u4e0b\u9762)\u3002
\u3000\u3000Debian\u3001Ubuntu \u6216 Linux Mint \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo vi /etc/pam.d/common-password password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5
\u3000\u3000CentOS\u3001Fedora\u3001RHEL \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo vi /etc/pam.d/system-auth password sufficient pamunix.so sha512 shadow nullok tryfirstpass useauthtok remember=5
\u3000\u3000\u8bbe\u7f6e\u6700\u77ed\u5bc6\u7801\u957f\u5ea6
\u3000\u3000\u627e\u5230\u540c\u65f6\u6709 \u201cpassword\u201d \u548c \u201cpam_cracklib.so\u201d \u5b57\u6bb5\u5e76\u4e14\u9644\u52a0\u6709 \u201cminlen=10\u201d \u7684\u90a3\u884c\uff0c\u5b83\u8868\u793a\u6700\u5c0f\u5bc6\u7801\u957f\u5ea6\u4e3a(10 - \u7c7b\u578b\u6570\u91cf)\u3002\u8fd9\u91cc\u7684 \u201c\u7c7b\u578b\u6570\u91cf\u201d \u8868\u793a\u4e0d\u540c\u7684\u5b57\u7b26\u7c7b\u578b\u6570\u91cf\u3002PAM \u63d0\u4f9b4\u79cd\u7c7b\u578b\u7b26\u53f7\u4f5c\u4e3a\u5bc6\u7801(\u5927\u5199\u5b57\u6bcd\u3001\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u6807\u70b9\u7b26\u53f7)\u3002\u5982\u679c\u4f60\u7684\u5bc6\u7801\u540c\u65f6\u7528\u4e0a\u4e86\u8fd94\u79cd\u7c7b\u578b\u7684\u7b26\u53f7\uff0c\u5e76\u4e14\u4f60\u7684 minlen \u8bbe\u4e3a10\uff0c\u90a3\u4e48\u6700\u77ed\u7684\u5bc6\u7801\u957f\u5ea6\u5141\u8bb8\u662f6\u4e2a\u5b57\u7b26\u3002
\u3000\u3000Debian\u3001Ubuntu \u6216 Linux Mint \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo vi /etc/pam.d/common-password password requisite pam_cracklib.so retry=3 minlen=10 difok=3
\u3000\u3000CentOS\u3001Fedora\u3001RHEL \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo vi /etc/pam.d/system-auth password requisite pam_cracklib.so retry=3 difok=3 minlen=10
\u3000\u3000\u8bbe\u7f6e\u5bc6\u7801\u590d\u6742\u5ea6
\u3000\u3000\u627e\u5230\u540c\u65f6\u6709 \u201cpassword\u201d \u548c \u201cpam_cracklib.so\u201d \u5b57\u6bb5\u5e76\u4e14\u9644\u52a0\u6709 \u201cucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1\u201d \u7684\u90a3\u884c\uff0c\u5b83\u8868\u793a\u5bc6\u7801\u5fc5\u987b\u81f3\u5c11\u5305\u542b\u4e00\u4e2a\u5927\u5199\u5b57\u6bcd(ucredit)\uff0c\u4e24\u4e2a\u5c0f\u5199\u5b57\u6bcd(lcredit)\uff0c\u4e00\u4e2a\u6570\u5b57(dcredit)\u548c\u4e00\u4e2a\u6807\u70b9\u7b26\u53f7(ocredit)\u3002
\u3000\u3000Debian\u3001Ubuntu \u6216 Linux Mint \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo vi /etc/pam.d/common-password password requisite pam_cracklib.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1
\u3000\u3000CentOS\u3001Fedora\u3001RHEL \u7cfb\u7edf\u4e0a\uff1a
\u3000\u3000$ sudo vi /etc/pam.d/system-auth password requisite pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1
\u3000\u3000\u8bbe\u7f6e\u5bc6\u7801\u8fc7\u671f\u671f\u9650
\u3000\u3000\u7f16\u8f91 /etc/login.defs \u6587\u4ef6\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u5f53\u524d\u5bc6\u7801\u7684\u6709\u6548\u671f\u9650\uff0c\u5177\u4f53\u53d8\u91cf\u5982\u4e0b\u6240\u793a\uff1a
\u3000\u3000$ sudo vi /etc/login.defs PASSMAXDAYS 150 PASSMINDAYS 0 PASSWARNAGE 7
\u3000\u3000\u8fd9\u4e9b\u8bbe\u7f6e\u8981\u6c42\u7528\u6237\u6bcf6\u4e2a\u6708\u6539\u53d8\u4ed6\u4eec\u7684\u5bc6\u7801\uff0c\u5e76\u4e14\u4f1a\u63d0\u524d7\u5929\u63d0\u9192\u7528\u6237\u5bc6\u7801\u5feb\u5230\u671f\u4e86\u3002
\u3000\u3000\u5982\u679c\u4f60\u60f3\u4e3a\u6bcf\u4e2a\u7528\u6237\u8bbe\u7f6e\u4e0d\u540c\u7684\u5bc6\u7801\u671f\u9650\uff0c\u4f7f\u7528 chage \u547d\u4ee4\u3002\u4e0b\u9762\u7684\u547d\u4ee4\u53ef\u4ee5\u67e5\u770b\u67d0\u4e2a\u7528\u6237\u7684\u5bc6\u7801\u9650\u671f\uff1a
\u3000\u3000$ sudo chage -l xmodulo Last password change : Dec 30, 2013 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
\u3000\u3000\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u7528\u6237\u7684\u5bc6\u7801\u6c38\u4e0d\u8fc7\u671f\u3002
\u3000\u3000\u4e0b\u9762\u7684\u547d\u4ee4\u7528\u4e8e\u4fee\u6539 xmodulo \u7528\u6237\u7684\u5bc6\u7801\u671f\u9650\uff1a
\u3000\u3000$ sudo chage -E 6/30/2014 -m 5 -M 90 -I 30 -W 14 xmodulo
\u3000\u3000\u4e0a\u9762\u7684\u547d\u4ee4\u5c06\u5bc6\u7801\u671f\u9650\u8bbe\u4e3a2014\u5e746\u67083\u65e5\u3002\u53e6\u5916\uff0c\u4fee\u6539\u5bc6\u7801\u7684\u6700\u77ed\u5468\u671f\u4e3a5\u5929\uff0c\u6700\u957f\u5468\u671f\u4e3a90\u5929\u3002\u5bc6\u7801\u8fc7\u671f\u524d14\u5929\u4f1a\u53d1\u9001\u6d88\u606f\u63d0\u9192\u7528\u6237\uff0c\u8fc7\u671f\u540e\u5e10\u53f7\u4f1a\u88ab\u9501\u4f4f30\u5929\u3002
linux\u666e\u901a\u7528\u6237\u4fee\u6539\u5bc6\u7801\uff08\u8bbe\u7f6e\u7b80\u5355\u5bc6\u7801\uff09
绛旓細/etc/shadow 杩欎釜鏂囦欢鍙互閽堝鏌愪釜鐢ㄦ埛璁剧疆涓浜瀵嗙爜绛栫暐锛屼絾鏄唴瀹瑰氨閭d箞鍑犻」锛屼綘鍙互涓婄綉鏌ヤ竴涓嬨傚彟澶/etc/shadow鐨勭瓥鐣ョ瓑绾ц緝楂樸
绛旓細鍗拌薄閲 /etc/shadow 杩欓噷鐨瀵嗙爜鍙互浠 md5sum 鏂瑰紡鏇挎崲涓 sha256sum 銆傝繖鏍峰彲浠ユ彁楂樺畨鍏ㄥ害锛岄槻姝 md5sum 琚埅鍙栧悗琚汉纰版挒鍑烘潵涓涓彲鐢ㄧ殑瀵嗙爜銆備箣鍚庡氨鏄己瀵嗙爜鐨勯棶棰樹簡锛岃繖涓笉鏄郴缁濡備綍璁剧疆鐨勯棶棰橈紝鑰屾槸鐢ㄦ埛濡備綍璁剧疆銆傝嚦灏 12 瀛楄妭锛岀鐞嗗憳鏉冮檺蹇呴』 16 瀛楄妭浠ヤ笂锛屾渶濂芥槸鐢ㄥぇ灏忓啓娣峰悎+鏁板瓧绗﹀彿銆傛渶濂...
绛旓細浠ョ櫨搴︾洏涓轰緥锛堝浗鍐呮瘮杈冮氱敤锛夛紝鍦璁剧疆涓夋嫨鈥滃熀鏈夐」鍗♀濓紝鍦ㄢ滆嚜鍔ㄥ浠解濇爮鐩偣鈥滅鐞嗏濄傜劧鍚庣偣鍑烩滄墜鍔娣诲姞鏂囦欢澶光濓紝閫夋嫨浣犵殑鍔犲瘑鐩綍鍐嶉夋嫨浜戠鏂囦欢澶圭‘瀹氬悗鍕鹃夆滃紑鍚枃浠跺鐗堟湰鈥濆彲浠ヤ繚瀛樹慨鏀瑰巻鍙层傚姝や竴鏉ヤ綘鐨勭綉鐩樻枃浠跺す灏辫瀹屽叏鍔犲瘑浜嗭紝娌℃湁瀵嗙爜璋佷篃鏃犳硶鏌ョ湅浣犵殑鏂囦欢鍐呭銆linux绯荤粺telnet鍛戒护...
绛旓細绛栫暐璁剧疆锛1銆佺姝娇鐢ㄦ棫瀵嗙爜 鎵惧埌鍚屾椂鏈 鈥password鈥 鍜 鈥減am_unix.so鈥 瀛楁骞朵笖闄勫姞鏈 鈥渞emember=5鈥 鐨勯偅琛岋紝瀹冭〃绀虹姝娇鐢ㄦ渶杩戠敤杩囩殑5涓瘑鐮侊紙宸变娇鐢ㄨ繃鐨勫瘑鐮佷細琚繚瀛樺湪 /etc/security/opasswd 涓嬮潰锛夈侱ebian銆乁buntu 鎴 Linux Mint 绯荤粺涓婏細浠g爜濡備笅:sudo vi /etc/pam.d/common-...
绛旓細鏄Linux鏄竴绉嶈嚜鐢卞拰寮鏀炬簮浠g爜鐨勭被UNIX鎿嶄綔绯荤粺锛岃鎿嶄綔绯荤粺鐨勫唴鏍哥敱鏋楃撼鏂墭鐡﹀吂鍦1991骞10鏈5鏃ラ娆″彂甯冦linux绯荤粺淇敼瀵嗙爜绛栫暐鏄厑璁稿寘鍚敤鎴峰悕鐨勶紝瀵嗙爜绛栫暐鐨勫瓨鍦ㄦ槸涓轰簡纭繚涓虹敤鎴璁剧疆涓涓己澶х殑瀵嗙爜銆
绛旓細linux涓淇敼鐢ㄦ埛瀵嗙爜鐨勬柟娉曪細1銆佹墽琛屻恜asswd鐢ㄦ埛鍚嶃戝懡浠わ紱2銆佹牴鎹彁绀鸿緭鍏ユ柊瀵嗙爜锛屽洖杞︼紱3銆佸啀娆¤緭鍏ユ柊瀵嗙爜锛屽洖杞﹀嵆鍙?Linux淇敼瀵嗙爜鐢╬asswd鍛戒护锛岀敤root鐢ㄦ埛杩愯passwd锛宲asswduser_name鍙互璁剧疆鎴栦慨鏀逛换浣曠敤鎴风殑瀵嗙爜锛屾櫘閫氱敤鎴疯繍琛宲asswd鍙兘淇敼瀹冭嚜宸辩殑瀵嗙爜銆傜櫥褰昹inux鎻愮ず淇敼瀵嗙爜锛焞inux鍙互璁剧疆瀵嗙爜绛栫暐...
绛旓細浜屻 璁剧疆瀵嗙爜鏈闀夸娇鐢ㄦ湡闄 婕忔礊姒傝堪锛氬鏈缃瘑鐮佹渶闀夸娇鐢ㄦ湡闄愶紝涓娈垫椂闂村悗瀵嗙爜寰堝彲鑳戒細娴佸嚭锛屽洜鑰岄犳垚鏀诲嚮鑰呯殑闈炴硶璁块棶;瀹夊叏瀵圭瓥锛氫慨鏀瀵嗙爜绛栫暐璁剧疆鏂囦欢锛屽皢瀵嗙爜鏈闀夸娇鐢ㄦ湡闄愯缃负90澶(12鍛);瀹夊叏璁剧疆鏂规硶锛- SunOS cat /etc/default/passwd MAXWEEKS=12 - Linux cat /etc/login.defs PASS_MAX_...
绛旓細linux鍙互璁剧疆瀵嗙爜绛栫暐锛屾彁绀虹敤鎴风櫥褰曞悗淇敼瀵嗙爜鎴栦竴瀹氭湡闄愬悗淇敼瀵嗙爜銆備负浜嗚兘澶熻鐢ㄦ埛鑳藉鍙婃椂鍦颁慨鏀瑰瘑鐮侊紝涓轰簡纭繚鐢ㄦ埛鐨勫畨鍏ㄦэ紝鍙互寮哄埗鐢ㄦ埛鍦ㄤ笅娆$櫥褰曠殑鏃跺欒鐢ㄦ埛閲嶆柊璁剧疆瀵嗙爜銆Linux锛岄氬父琚涓烘槸涓濂楁搷浣滅郴缁燂紝瀹為檯涓婂畠鏄竴绯诲垪Linux鍐呮牳鍩虹涓婂紑鍙戠殑鎿嶄綔绯荤粺鐨勬荤О锛岀幇鍦ㄧ殑Linux涓鑸簲鐢ㄤ簬鏈嶅姟鍣ㄣ佺Щ鍔...
绛旓細濡傛灉浣犳槸瓒呯骇鐢ㄦ埛root锛屾兂瑕佷慨鏀瀵嗙爜绛栫暐锛堟瘮濡傝寮哄埗鐢ㄦ埛瀵嗙爜瀵嗙爜鐨勫鏉傚害锛夛紝涓鑸槸淇敼/etc/login.conf 濡傛灉浣犳槸鏅氱敤鎴凤紝鍙鐢╬asswd鍛戒护淇敼鑷繁鐨勫瘑鐮佸氨鍙互浜嗭紝鍒汉鐨勪綘涓嶇敤绠★紝鎯崇涔熸病鏈夋潈闄
绛旓細鍙互涓嶇敤閲嶅惎绯荤粺锛屼絾鏄綘淇敼鐨绛栫暐濡傛灉褰卞搷鍒颁簡鏌愪釜杞欢锛岄噸鍚偅涓蒋浠舵垨鏈嶅姟鍗冲彲銆傚鏋滃奖鍝嶇殑澶氫簡锛岃繕涓嶅鐩存帴閲嶅惎涓嬨傚叿浣撶湅浣鏀浜嗕粈涔堝唴瀹逛簡銆
