安全基线调整

1.检查是否做账户锁定和密码复杂程度配置:cat /etc/pam.d/system-auth

1
2
3
4
5
auth        required      pam_tally2.so onerr=fail deny=10 unlock_time=300

password requisite pam_cracklib.so try_first_pass retry=4 difok=3 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so