Add password policy
This commit is contained in:
parent
1af87d57f0
commit
a4f4202eb3
|
@ -20,6 +20,13 @@ system setup.
|
|||
|
||||
## Configuration
|
||||
|
||||
### Password policy
|
||||
|
||||
Set password aging settings in [/etc/login.defs](rootfs/etc/login.defs).
|
||||
|
||||
Set password complexity requirements in
|
||||
[/etc/security/pwquality.conf.d/99-Born2beroot.conf](rootfs/etc/security/pwquality.conf.d/99-Born2beroot.conf)
|
||||
|
||||
### Firewall
|
||||
|
||||
Disable and stop CentOS default firewall:
|
||||
|
|
|
@ -128,8 +128,8 @@ HOME_MODE 0700
|
|||
# PASS_MIN_LEN Minimum acceptable password length.
|
||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
||||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
PASS_MAX_DAYS 30
|
||||
PASS_MIN_DAYS 2
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
# Currently PASS_MIN_LEN is not supported
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
# vim: et ts=4 sw=4:
|
||||
# At least 7 char differents from former password
|
||||
difok = 7
|
||||
minlen = 10
|
||||
# Require min one digit
|
||||
dcredit = -1
|
||||
# Require mine one upper case letter
|
||||
ucredit = -1
|
||||
maxrepeat = 3
|
||||
enforce_for_root = true
|
Loading…
Reference in New Issue