
Partial Security Hardening of a New Linux System

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Set an account lockout policy for failed logins to make brute-force cracking of user passwords harder.

Reference link:

http://man7.org/linux/man-pages/man8/pam_tally2.8.html

Lock the account for 5 minutes after the wrong password is entered 5 times in a row.

Before applying this hardening, check the version of the PAM module and whether pam_tally2 is present; modify the configuration file only if pam_tally2 exists. [Note: every system is configured differently. Adapt the configuration to the current system and carefully evaluate the impact on it.]

Remediation:

CentOS:

Modify /etc/pam.d/password-auth (add the configuration at the appropriate location):

auth required pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300

account required pam_tally2.so

Ubuntu, Debian:

Modify /etc/pam.d/common-auth (add the configuration at the appropriate location):

auth required pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300

Modify /etc/pam.d/common-account (add the configuration at the appropriate location):

account required pam_tally2.so

2. Automatic logout of Linux accounts on timeout

Modify the /etc/profile file to set the timeout after which an account is logged out automatically:

export TMOUT=180

3. Prevent users with root privileges from logging in remotely

Modify the configuration in /etc/ssh/sshd_config:

PermitRootLogin no

After the modification is complete, restart the sshd service.

4. Linux account password lifetime policy

Modify the file /etc/login.defs and configure:

PASS_MAX_DAYS 90

5. Policy for the maximum number of days an account remains valid after its Linux password expires

Edit the /etc/default/useradd file and configure:

INACTIVE=365
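
The five settings above can be verified after the change with a small audit script. This is an added example, not part of the original article; the function names, the ROOT prefix argument, the --audit switch and the pass thresholds (values stricter than the article's also pass) are assumptions.

```bash
# Added example (not from the article): audit the five settings described above.
# ROOT is an assumed prefix so the audit can also run against a copy of /etc.
conf_value() {   # conf_value FILE KEY [sshd]: value of an uncommented KEY line
    [ -r "$1" ] || return 0
    awk -v k="$2" -v mode="${3:-}" '
        { sub(/^[ \t]*(export[ \t]+)?/, "") }
        /^#/ || NF == 0 { next }
        { split($0, f, /[ \t=]+/)
          name = (mode == "sshd") ? tolower(f[1]) : f[1]
          # sshd keeps the first value it reads; for the other files the last one wins
          if (name == k) { v = f[2]; if (mode == "sshd") exit } }
        END { print v }' "$1"
}

pam_line() {     # pam_line FILE TYPE: is pam_tally2.so loaded on a TYPE line?
    grep -Eiq "^[[:space:]]*-?$2[[:space:]].*pam_tally2\.so" "$1" 2>/dev/null
}
pam_opt() {      # pam_opt FILE OPT: OPT's value on the first auth pam_tally2.so line
    grep -Ei "^[[:space:]]*-?auth[[:space:]].*pam_tally2\.so" "$1" 2>/dev/null |
        head -n 1 | tr ' \t' '\n\n' | sed -n "s/^$2=//p"
}

in_range() {     # in_range VALUE MIN MAX: VALUE is an integer in [MIN, MAX]
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

check() {        # check LABEL CMD...: print PASS/FAIL from CMD's exit status
    label="$1"; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; failed=1; fi
}

audit_hardening() {   # audit_hardening [ROOT]: returns 1 if any check fails
    r="${1:-}"; failed=0
    auth="$r/etc/pam.d/common-auth"; acct="$r/etc/pam.d/common-account"  # Ubuntu/Debian
    if [ -f "$r/etc/pam.d/password-auth" ]; then                          # CentOS
        auth="$r/etc/pam.d/password-auth"; acct="$auth"
    fi
    check "pam_tally2 deny<=5"          in_range "$(pam_opt "$auth" deny)" 1 5
    check "pam_tally2 unlock_time>=300" in_range "$(pam_opt "$auth" unlock_time)" 300 999999
    check "pam_tally2 account line"     pam_line "$acct" account
    check "TMOUT<=180"                  in_range "$(conf_value "$r/etc/profile" TMOUT)" 1 180
    check "PermitRootLogin no"          [ "$(conf_value "$r/etc/ssh/sshd_config" permitrootlogin sshd)" = no ]
    check "PASS_MAX_DAYS<=90"           in_range "$(conf_value "$r/etc/login.defs" PASS_MAX_DAYS)" 1 90
    check "INACTIVE<=365"               in_range "$(conf_value "$r/etc/default/useradd" INACTIVE)" 0 365
    return "$failed"
}

if [ "${1:-}" = "--audit" ]; then audit_hardening "${2:-}"; fi   # assumed switch
```

The script reads only the files named in the article, so values set in other files or in sshd_config Match blocks are not seen; `sshd -T` prints the effective sshd configuration.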
