Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Program-Settings"
		
		
		
		
		
		Jump to navigation
		Jump to search
		
				
		
		
	
| (13 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | ==Password Security== | |
| + | ===Minimum Password Length=== | ||
| + | # <code>sudo nano /etc/pam.d/common-password</code> | ||
| + | # The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: <code>password  [success=1 default=ignore]  pam_unix.so obscure yescrypt minlen=10</code> | ||
| − | + | ===Dictionary Based Password Checks=== | |
| − | === | ||
| − | |||
| # <code>sudo nano /etc/pam.d/common-password</code> | # <code>sudo nano /etc/pam.d/common-password</code> | ||
| − | |||
| # Dictionary-based password checks can be enabled by adding the line <code>password requisite pam_pwquality.so</code> to the end of the file | # Dictionary-based password checks can be enabled by adding the line <code>password requisite pam_pwquality.so</code> to the end of the file | ||
| #* This is important because it prevents users from using common words in their password | #* This is important because it prevents users from using common words in their password | ||
| − | #  | + | ===Prevent Duplicate Passwords=== | 
| − | #* This  | + | # <code>sudo nano /etc/pam.d/common-password</code> | 
| + | # Duplicate passwords can be prevented by adding the line <code>password required pam_unix.so remember=5</code> to the end of the file | ||
| + | #* This will make the system remember past passwords so that users can't use the same password multiple times. | ||
| + | |||
| + | ===Max/Min password age=== | ||
| + | # <code>sudo nano /etc/login.defs</code> | ||
| + | # Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30. | ||
| + | #* This is important because it requires users to change their password every 30 days | ||
| + | |||
| + | ===Null Passwords Do Not Authenticate=== | ||
| + | # <code>sudo nano /etc/pam.d/common-auth</code> | ||
| + | # Find any line that contains the word "nullock" and delete that word. | ||
| + | |||
| + | ==Other== | ||
| + | ===Disable IPv4 Forwarding=== | ||
| + | # <code>sudo nano /etc/sysctl.conf</code> | ||
| + | # Add the line <code>net.ipv4.ip_forward=0</code> to the end of the file | ||
| + | # <code>sudo sysctl -p</code> (this applies the settings) | ||
| + | # Use the command <code>sysctl net.ipv4.ip_forward</code> to check if it's disabled (0 means it's disabled) | ||
Latest revision as of 22:22, 19 September 2024
Password Security[edit | edit source]
Minimum Password Length[edit | edit source]
- sudo nano /etc/pam.d/common-password
- The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10
Dictionary Based Password Checks[edit | edit source]
- sudo nano /etc/pam.d/common-password
- Dictionary-based password checks can be enabled by adding the line password requisite pam_pwquality.soto the end of the file- This is important because it prevents users from using common words in their password
 
Prevent Duplicate Passwords[edit | edit source]
- sudo nano /etc/pam.d/common-password
- Duplicate passwords can be prevented by adding the line password required pam_unix.so remember=5to the end of the file- This will make the system remember past passwords so that users can't use the same password multiple times.
 
Max/Min password age[edit | edit source]
- sudo nano /etc/login.defs
- Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30.
- This is important because it requires users to change their password every 30 days
 
Null Passwords Do Not Authenticate[edit | edit source]
- sudo nano /etc/pam.d/common-auth
- Find any line that contains the word "nullock" and delete that word.
Other[edit | edit source]
Disable IPv4 Forwarding[edit | edit source]
- sudo nano /etc/sysctl.conf
- Add the line net.ipv4.ip_forward=0to the end of the file
- sudo sysctl -p(this applies the settings)
- Use the command sysctl net.ipv4.ip_forwardto check if it's disabled (0 means it's disabled)