武夷山网站建设,WordPress数据库名要填什么,企业网站管理系统视频教程,江津网站建设长期不更换密码很容易导致密码被破解#xff0c;而linux的密码过期安全策略主要在/etc/login.defs中配置。一、/etc/login.defs文件的参数解读1、/etc/login.defs文件的内容示例[rootlocalhost ~]# cat /etc/login.defs
#
# Please note that the parameters in this configur…长期不更换密码很容易导致密码被破解而linux的密码过期安全策略主要在/etc/login.defs中配置。一、/etc/login.defs文件的参数解读1、/etc/login.defs文件的内容示例[rootlocalhost ~]# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
## *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 201
SYS_GID_MAX 999#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
2、/etc/login.defs文件的参数解读MAIL_DIR /var/spool/mail #创建用户时要在目录/var/spool/mail中创建一个用户mail文件PASS_MAX_DAYS 99999#密码最大有效期99999表示永不过期。参数PASS_MAX_DAYS为60表示60天后密码会过期。PASS_MIN_DAYS 0 #两次修改密码的最小间隔时间0表示可以随时修改账号密码。PASS_MIN_LEN 5 #密码最小长度对于root无效。PASS_WARN_AGE 7 #密码过期前多少天开始提示这里是前7天。UID_MIN 1000 #用户ID最小值UID_MAX 60000 #用户ID最大值SYS_UID_MIN 201 #系统用户ID最小值SYS_UID_MAX 999 #系统用户ID最大值GID_MIN 1000 #用户组ID最小值GID_MAX 60000 #用户组ID最大值SYS_GID_MIN 201 #系统用户组ID最小值SYS_GID_MAX 999 #系统用户组ID最大值CREATE_HOME yes #表示是否创建用户home目录这里创建UMASK 077 #权限掩码初始化值为077即---rwxrwx。USERGROUPS_ENAB yes #该参数启用表示userdel删除用户时如果该用户用户组如果没有成员存在则会删除该用户组ENCRYPT_METHOD SHA512 #表示用户密码加密方式此处表示用MD5加密密码。二、linux密码过期安全策略的参数配置要求一般在/etc/login.defs配置以下参数值为PASS_MAX_DAYS 90 #密码过期时间为90天PASS_MIN_DAYS 0 #可以随时修改密码PASS_WARN_AGE 7 #密码过期前7天开始提示PASS_MIN_LEN 8 #密码最小长度为8天
