securing user account

By OK -
Password authentication is controlled by the PAM module pam_unix, and all settings associated with login are listed at /etc/pam.d/login. An additional configuration file /etc/pam.d/common-password includes values that control password checks.

 Set a strong password policy with the following steps:
  • Open the /etc/pam.d/common-password file with GNU nano:
     $ sudo nano /etc/pam.d/common-password
  • Find the line similar to this:
    password    [success=1 default=ignore]  pam_unix.so obscure sha512
  • Add minlen to the end of this line:
    password    [success=1 default=ignore]  pam_unix.so obscure sha512 minlen=8
  • Add this line to enforce alphanumeric passwords:
    password requisite pam_cracklib.so ucredit=-1 lcredit=-1 dcredit=-1  ocredit=-1




Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log ...
Read more

15 managing disk - understanding /etc/fstab xfs_admin mount -o rw,remount /

By OK -
the classical way to mount filelsystems automatically is to use fstab there is another method which is based on systemd [root@svn ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Wed Apr 26 17:25:59 2017 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/cl-root     /                       xfs     defaults        0 0 UUID=6e3708b2-09ea-43f3-b0f0-9b43a157b3b1 /boot                   xfs     defaults        0 0 /dev/mapper/cl-swap     swap                    swap    defaults        0 0 [root@svn ~]#  #description /boot - where you want to mount filesystem xfs - filesystem defaults ...
Read more

teamcity Automatic Agent Start under Linux

By OK -
Automatic Agent Start under Linux To run agent automatically on the machine boot under Linux, configure daemon process with the  agent.sh start  command to start it and  agent.sh stop  command to stop it. Refer to an example procedure below: 1. Navigate to the services start/stop services scripts directory: cd /etc/init.d/ 2. Open the build agent service script: sudo vim buildAgent 3. Paste the following into the file : #!/bin/sh ### BEGIN INIT INFO # Provides: TeamCity Build Agent # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start build agent daemon at boot time # Description: Enable service provided by daemon. ### END INIT INFO #Provide the correct user name: USER="agentuser" case "$1" in start) su - $USER -c "cd BuildAgent/bin ; ./agent.sh start" ;; stop) su - $USER -c "cd BuildAgent/bin ; ./agent....
Read more