Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Program-Settings"

From Vista Ridge Cyberpatriot
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
When you need to mess with security policy in Linux a need to know command to start diving in is "sudo nano /etc/security/pwquality.conf". This command can help with accessing the security policy of linux and editing it.
+
==Password Security==
 
 
Two other useful files are <code>/etc/pam.d/common-password</code> and <code>/etc/login.defs</code>
 
 
===Minimum Password Length===
 
===Minimum Password Length===
This file controls the minimum password length, whether previous passwords are remembered, and whether dictionary-based password checks are enabled.
 
 
# <code>sudo nano /etc/pam.d/common-password</code>
 
# <code>sudo nano /etc/pam.d/common-password</code>
 
# The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: <code>password  [success=1 default=ignore]  pam_unix.so obscure yescrypt minlen=10</code>
 
# The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: <code>password  [success=1 default=ignore]  pam_unix.so obscure yescrypt minlen=10</code>
 +
 
===Dictionary Based Password Checks===
 
===Dictionary Based Password Checks===
 
# <code>sudo nano /etc/pam.d/common-password</code>
 
# <code>sudo nano /etc/pam.d/common-password</code>
 
# Dictionary-based password checks can be enabled by adding the line <code>password requisite pam_pwquality.so</code> to the end of the file
 
# Dictionary-based password checks can be enabled by adding the line <code>password requisite pam_pwquality.so</code> to the end of the file
 
#* This is important because it prevents users from using common words in their password
 
#* This is important because it prevents users from using common words in their password
===Remembering Previous Passwords===
+
===Prevent Duplicate Passwords===
 
# <code>sudo nano /etc/pam.d/common-password</code>
 
# <code>sudo nano /etc/pam.d/common-password</code>
# Enabling previous passwords being remembered can be enabled by adding the line <code>password required pam_unix.so remember=5</code> to the end of the file
+
# Duplicate passwords can be prevented by adding the line <code>password required pam_unix.so remember=5</code> to the end of the file
#* This is important because it will prevent users from using the same password multiple times
+
#* This will make the system remember past passwords so that users can't use the same password multiple times.
 +
 
 
===Max/Min password age===
 
===Max/Min password age===
This file determines the maximum/minimum password age
 
 
# <code>sudo nano /etc/login.defs</code>
 
# <code>sudo nano /etc/login.defs</code>
# Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30, and set PASS_MIN_DAYS equal to 5.
+
# Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30.
 +
#* This is important because it requires users to change their password every 30 days
 +
 
 +
===Null Passwords Do Not Authenticate===
 +
# <code>sudo nano /etc/pam.d/common-auth</code>
 +
# Find any line that contains the word "nullock" and delete that word.
 +
 
 +
==Other==
 +
===Disable IPv4 Forwarding===
 +
# <code>sudo nano /etc/sysctl.conf</code>
 +
# Add the line <code>net.ipv4.ip_forward=0</code> to the end of the file
 +
# <code>sudo sysctl -p</code> (this applies the settings)
 +
# Use the command <code>sysctl net.ipv4.ip_forward</code> to check if it's disabled (0 means it's disabled)
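
Review bot: In step 2 of the added "Null Passwords Do Not Authenticate" section the option is spelled "nullock"; the pam_unix option is "nullok", so a reader searching common-auth for the word as written will find nothing. Suggest changing it to "nullok". Separately, the new "Max/Min password age" step drops the earlier instruction to set PASS_MIN_DAYS equal to 5 while the heading still says Max/Min; either restore the minimum-age setting or rename the heading.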

Latest revision as of 22:22, 19 September 2024

Password Security

Minimum Password Length

  1. sudo nano /etc/pam.d/common-password
  2. The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10

Dictionary Based Password Checks

  1. sudo nano /etc/pam.d/common-password
  2. Dictionary-based password checks can be enabled by adding the line password requisite pam_pwquality.so to the end of the file
    • This is important because it prevents users from using common words in their password

Prevent Duplicate Passwords

  1. sudo nano /etc/pam.d/common-password
  2. Duplicate passwords can be prevented by adding the line password required pam_unix.so remember=5 to the end of the file
    • This will make the system remember past passwords so that users can't use the same password multiple times.

Max/Min password age

  1. sudo nano /etc/login.defs
  2. Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30.
    • This is important because it requires users to change their password every 30 days

Null Passwords Do Not Authenticate

  1. sudo nano /etc/pam.d/common-auth
  2. Find any line that contains the word "nullok" and delete that word.

Other

Disable IPv4 Forwarding

  1. sudo nano /etc/sysctl.conf
  2. Add the line net.ipv4.ip_forward=0 to the end of the file
  3. sudo sysctl -p (this applies the settings)
  4. Use the command sysctl net.ipv4.ip_forward to check if it's disabled (0 means it's disabled)
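
A read-only way to confirm that every setting above is in place, as an added example that is not part of the original wiki page. The function names and the ROOT variable (a directory holding a copy of /etc, for checking without touching the live system) are assumptions of this example.

```sh
#!/bin/sh
# Added example: read-only audit of the settings this page configures.
# ROOT and all function names are assumptions of this example.
ROOT="${ROOT:-}"   # empty = live system; or a directory holding a copy of /etc

# Print a file without comments and blank lines.
active() { grep -Ev '^[[:space:]]*(#|$)' "$ROOT$1" 2>/dev/null; }

# Active "password ... pam_unix.so" lines of common-password.
unix_pw() { active /etc/pam.d/common-password | grep -E '^password[[:space:]].*pam_unix\.so'; }

check_minlen() {      # minlen=N on a pam_unix.so line with N >= 10
  n=$(unix_pw | sed -n 's/.*[[:space:]]minlen=\([0-9][0-9]*\).*/\1/p' | head -n 1)
  [ -n "$n" ] && [ "$n" -ge 10 ]
}
check_pwquality() {   # "password requisite pam_pwquality.so" is present
  active /etc/pam.d/common-password |
    grep -Eq '^password[[:space:]]+requisite[[:space:]]+pam_pwquality\.so'
}
check_remember() {    # remember=N (N >= 1) on a pam_unix.so line
  unix_pw | grep -Eq '[[:space:]]remember=[1-9][0-9]*'
}
check_max_days() {    # PASS_MAX_DAYS is set and no larger than 30
  d=$(active /etc/login.defs | awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }')
  [ -n "$d" ] && [ "$d" -le 30 ]
}
check_no_nullok() {   # no active common-auth line carries nullok (or nullok_secure)
  [ -r "$ROOT/etc/pam.d/common-auth" ] &&
    ! active /etc/pam.d/common-auth | grep -Eq '[[:space:]]nullok'
}
check_ip_forward() {  # last net.ipv4.ip_forward entry in sysctl.conf is 0
  v=$(active /etc/sysctl.conf |
      sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' |
      tail -n 1)
  [ "$v" = "0" ]
}

audit() {             # prints PASS/FAIL per check, returns the number of failures
  failed=0
  for c in check_minlen check_pwquality check_remember check_max_days \
           check_no_nullok check_ip_forward; do
    if "$c"; then echo "PASS $c"; else echo "FAIL $c"; failed=$((failed + 1)); fi
  done
  return "$failed"
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

Run it with `--run` to audit the live files. It only reads the configuration files, so the running kernel value still needs the `sysctl net.ipv4.ip_forward` check from step 4.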