Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Program-Settings"

Password Security

When you need to mess with password security policy in Linux three useful files are /etc/security/pwquality.conf, /etc/pam.d/common-password, and /etc/login.defs

Minimum Password Length

1. sudo nano /etc/pam.d/common-password
2. The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10

Dictionary Based Password Checks

1. sudo nano /etc/pam.d/common-password
2. Dictionary-based password checks can be enabled by adding the line password requisite pam_pwquality.so to the end of the file
   • This is important because it prevents users from using common words in their password

Remembering Previous Passwords

1. sudo nano /etc/pam.d/common-password
2. Enabling previous passwords being remembered can be enabled by adding the line password required pam_unix.so remember=5 to the end of the file
   • This is important because it will prevent users from using the same password multiple times

Max/Min password age

1. sudo nano /etc/login.defs
2. Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30.
   • This is important because it requires users to change their password every 30 days

Other

Disable IPv4 Forwarding

1. sudo nano /etc/sysctl.conf
2. Add the line net.ipv4.ip_forward=0 to the end of the file
3. sudo sysctl -p (this applies the settings)
4. Use the command sysctl net.ipv4.ip_forward to check if it's disabled (0 means it's disabled)