linux 密码安全脚本
1 #!/bin/bash 2 #by:osx1260@163.com 3 DIESO=/etc/pam.d 4 PAMSO=$(ls $DIESO/* |awk -F'/' '{print $4}') 5 NEPAMUN='password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5' 6 for PAMS in $PAMSO;do 7 if [[ -n $(cat "$DIESO/$PAMS" | grep "shadow" | awk '{print $1}') ]];then 8 PAMUN='' 9 PAMUN=$(cat "$DIESO/$PAMS" | grep "shadow" | awk '{print $0}') 10 if [[ -n $(echo $PAMUN | grep "remember" | awk '{print $1}') ]];then 11 echo "The password remember has been set" 12 else 13 sed -i "s/$PAMUN/$NEPAMUN/" $DIESO/$PAMS 14 fi 15 fi 16
17 done
1 #!/bin/sh 2 #by:osx1260@163.com 3 DIESO=/etc/pam.d 4 PAMSO=$(ls $DIESO/* |awk -F'/' '{print $4}') 5 NEPAMUN='password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5' 6 NEWPASSET='password requisite pam_cracklib.so retry=3 difok=3 minlen=8 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1' 7 #retry=3 密码重试次数为3次 8 #difok=3 允许新密码中有3个字符与旧密码相同 9 #minlen=8 密码最小长度为8 注意:对root用户无效,root下设置其他用户此参数也无效,用户自己修改自己的密码时才有效 10 #ucredit=-1 密码中必须包含一个大写字母 11 #lcredit=-2 密码中必须包含最少两个小写字母 12 #dcredit=-1 密码中必须包含一个数字 13 #ocredit=-1 密码中最少必须包含一个标点符号 14 [ -f /lib/security/pam_cracklib.so ] && echo "start config pam_cracklib.so" 15 for PAMS in $PAMSO;do 16 if [[ -n $(cat "$DIESO/$PAMS" | grep pam_cracklib | awk '{print $1}') ]];then 17 PASSET='' 18 PASSET=$(cat "$DIESO/$PAMS" | grep "pam_cracklib.so" | awk '{print $0}') 19 if [[ -n $( echo $PASSET | grep "difok" | awk '{print $1}') ]];then 20 echo "The password complexity rule has been set " 21 else 22 sed -i "s/${PASSET}/${NEWPASSET}/" $DIESO/$PAMS 23 fi 24 fi 25 26 27 done
限制tty
#!/bin/sh for t in $(cat /etc/securetty | grep "^tty" | grep -v "tty[1,2]$"); do T='' T=$t sed -i "s/$T/#$T/" /etc/securetty done