Add password policy

README.md

@@ -20,6 +20,13 @@ system setup.
 
 ## Configuration
 
+### Password policy
+
+Set password aging settings in [/etc/login.defs](rootfs/etc/login.defs).
+
+Set password complexity requirements in
+[/etc/security/pwquality.conf.d/99-Born2beroot.conf](rootfs/etc/security/pwquality.conf.d/99-Born2beroot.conf)
+
 ### Firewall
 
 Disable and stop CentOS default firewall:

rootfs/etc/login.defs

@@ -128,8 +128,8 @@ HOME_MODE	0700
 #	PASS_MIN_LEN	Minimum acceptable password length.
 #	PASS_WARN_AGE	Number of days warning given before a password expires.
 #
-PASS_MAX_DAYS	99999
-PASS_MIN_DAYS	0
+PASS_MAX_DAYS	30
+PASS_MIN_DAYS	2
 PASS_WARN_AGE	7
 
 # Currently PASS_MIN_LEN is not supported

rootfs/etc/security/pwquality.conf.d/99-Born2beroot.conf

@@ -0,0 +1,10 @@
+# vim: et ts=4 sw=4:
+# At least 7 char differents from former password
+difok               = 7
+minlen              = 10
+# Require min one digit
+dcredit             = -1
+# Require mine one upper case letter
+ucredit             = -1
+maxrepeat           = 3
+enforce_for_root    = true