linux 密码安全脚本

 1 #!/bin/bash
 2 #by:osx1260@163.com
 3 DIESO=/etc/pam.d
 4 PAMSO=$(ls $DIESO/* |awk -F'/' '{print $4}')
 5 NEPAMUN='password    sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5'
 6 for PAMS in $PAMSO;do
 7     if [[ -n $(cat "$DIESO/$PAMS" | grep "shadow" | awk '{print $1}') ]];then
 8         PAMUN=''
 9         PAMUN=$(cat "$DIESO/$PAMS" | grep "shadow" | awk '{print $0}')
10         if [[ -n $(echo $PAMUN | grep "remember" | awk '{print $1}') ]];then
11                 echo "The password remember has been set"
12         else
13         sed -i "s/$PAMUN/$NEPAMUN/" $DIESO/$PAMS
14         fi
15     fi
16 
17 done
 1 #!/bin/sh
 2 #by:osx1260@163.com
 3 DIESO=/etc/pam.d
 4 PAMSO=$(ls $DIESO/* |awk -F'/' '{print $4}')
 5 NEPAMUN='password    sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5'
 6 NEWPASSET='password    requisite    pam_cracklib.so retry=3 difok=3 minlen=8 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1'
 7 #retry=3 密码重试次数为3次
 8 #difok=3 允许新密码中有3个字符与旧密码相同
 9 #minlen=8 密码最小长度为8 注意:对root用户无效,root下设置其他用户此参数也无效,用户自己修改自己的密码时才有效
10 #ucredit=-1 密码中必须包含一个大写字母
11 #lcredit=-2 密码中必须包含最少两个小写字母
12 #dcredit=-1 密码中必须包含一个数字
13 #ocredit=-1 密码中最少必须包含一个标点符号
14 [ -f /lib/security/pam_cracklib.so ] && echo "start config pam_cracklib.so"
15 for PAMS in $PAMSO;do
16     if [[ -n $(cat "$DIESO/$PAMS" | grep pam_cracklib | awk '{print $1}') ]];then
17     PASSET=''
18     PASSET=$(cat "$DIESO/$PAMS" | grep "pam_cracklib.so" | awk '{print $0}')
19     if [[ -n $( echo $PASSET | grep "difok" | awk '{print $1}') ]];then
20         echo "The password complexity rule has been set "
21     else
22         sed -i "s/${PASSET}/${NEWPASSET}/" $DIESO/$PAMS    
23     fi
24     fi
25     
26     
27 done

限制tty

#!/bin/sh
for t in $(cat /etc/securetty | grep "^tty" | grep -v "tty[1,2]$");
do    
    T=''
    T=$t
    sed -i "s/$T/#$T/" /etc/securetty
done

 

posted @ 2015-02-02 00:43  osxlinux  阅读(495)  评论(0编辑  收藏  举报