Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Program-Settings

From Vista Ridge Cyberpatriot
Revision as of 16:53, 20 November 2023 by 24.28.1.246 (talk)
Jump to navigation Jump to search

When you need to mess with security policy in Linux a need to know command to start diving in is "sudo nano /etc/security/pwquality.conf". This command can help with accessing the security policy of linux and editing it.

Two other useful files are /etc/pam.d/common-password and /etc/login.defs

Minimum Password Length

This file controls the minimum password length, whether previous passwords are remembered, and whether dictionary-based password checks are enabled.

  1. sudo nano /etc/pam.d/common-password
  2. The minimum password length can be set to 10 by adding "minlen=10" to the end of this line: password [success=1 default=ignore] pam_unix.so obscure yescrypt minlen=10

Dictionary Based Password Checks

  1. sudo nano /etc/pam.d/common-password
  2. Dictionary-based password checks can be enabled by adding the line password requisite pam_pwquality.so to the end of the file
    • This is important because it prevents users from using common words in their password

Remembering Previous Passwords

  1. sudo nano /etc/pam.d/common-password
  2. Enabling previous passwords being remembered can be enabled by adding the line password required pam_unix.so remember=5 to the end of the file
    • This is important because it will prevent users from using the same password multiple times

Max/Min password age

This file determines the maximum/minimum password age

  1. sudo nano /etc/login.defs
  2. Scroll very far down until you reach the line PASS_MAX_DAYS. Set it equal to 30, and set PASS_MIN_DAYS equal to 5.
Retrieved from "https://cypat.rainbowunicorn.org/index.php?title=Operating_Systems/Linux/Ubuntu/Ubuntu_16.04_LTS/Program-Settings&oldid=254"