Centos6.x 设置终端超时, 加强用户密码策略

1. 密码有效期, 密码长度

$ more /etc/login.defs

# Password aging controls:
#
#    PASS_MAX_DAYS    Maximum number of days a password may be used.
#    PASS_MIN_DAYS    Minimum number of days allowed between password changes.
#    PASS_MIN_LEN    Minimum acceptable password length.
#    PASS_WARN_AGE    Number of days warning given before a password expires.
#
PASS_MAX_DAYS    90
PASS_MIN_DAYS    7
PASS_MIN_LEN    8
PASS_WARN_AGE    7

2. 终端超时时间5分钟

$ cd /etc/profile.d/
$ sudo touch autologout.sh
$ sudo touch autologout.csh

----- autologout.sh ---
#auto out in 5 minutes  
TMOUT=300
readonly TMOUT
export TMOUT


----- autologout.csh ---
#auto out in 5 minutes  
set -r autologout 5

3. 密码复杂度

修改 /etc/pam.d/system-auth 文件, 网上搜到的那些修改 /etc/pam.d/password-auth 文件的都是错的!

#修改这行 (dcredit数字, ucredit大写, lcredit小写, ocredit符号)
password requisite pam_cracklib.so try_first_pass retry=3 type= dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-2
#或者 (minclass 大小写数字字符至少包含3种)
password requisite pam_cracklib.so try_first_pass retry=3 type= minclass=3