Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Program-Settings"
Jump to navigation
Jump to search
| Line 2: | Line 2: | ||
When you need to mess with password security policy in Linux three useful files are <code>/etc/security/pwquality.conf</code>, <code>/etc/pam.d/common-password</code>, and <code>/etc/login.defs</code> | When you need to mess with password security policy in Linux three useful files are <code>/etc/security/pwquality.conf</code>, <code>/etc/pam.d/common-password</code>, and <code>/etc/login.defs</code> | ||
===Minimum Password Length=== | ===Minimum Password Length=== | ||
| − | |||
# <code>sudo nano /etc/pam.d/common-password</code> | # <code>sudo nano /etc/pam.d/common-password</code> | ||
# The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: <code>password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10</code> | # The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: <code>password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10</code> | ||
| + | |||
===Dictionary Based Password Checks=== | ===Dictionary Based Password Checks=== | ||
# <code>sudo nano /etc/pam.d/common-password</code> | # <code>sudo nano /etc/pam.d/common-password</code> | ||
Revision as of 19:45, 20 November 2023
Password Security
When you need to mess with password security policy in Linux three useful files are /etc/security/pwquality.conf, /etc/pam.d/common-password, and /etc/login.defs
Minimum Password Length
sudo nano /etc/pam.d/common-password- The minimum password length can be set to 10 by adding "minlen=10" to the end of this line:
password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10
Dictionary Based Password Checks
sudo nano /etc/pam.d/common-password- Dictionary-based password checks can be enabled by adding the line
password requisite pam_pwquality.soto the end of the file- This is important because it prevents users from using common words in their password
Remembering Previous Passwords
sudo nano /etc/pam.d/common-password- Enabling previous passwords being remembered can be enabled by adding the line
password required pam_unix.so remember=5to the end of the file- This is important because it will prevent users from using the same password multiple times
Max/Min password age
This file determines the maximum/minimum password age
sudo nano /etc/login.defs- Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30.
- Setting the maximum password age requires people to change their password every 30 days.
Other
Disable IPv4 Forwarding
sudo nano /etc/sysctl.conf- Add the line
net.ipv4.ip_forward=1to the end of the file sudo sysctl -p(this applies the settings)- Use the command
sysctl net.ipv4.ip_forwardto check if it's disabled (0 means it's disabled)