1 登录强制修改密码
[[email protected] ~]# cat /etc/passwd | tail -31 | awk -F":" ‘{print $1}‘ >> user
[[email protected] ~]# for i in `cat user`;do chage -d 0 $i ;done
2 设置密码复杂度
[[email protected] ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
#password
requisite pam_cracklib.so try_first_pass retry=3 type=
password
requisite pam_cracklib.so try_first_pass retry=5 difok=3 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 dictpath=/usr/share/cracklib/pw_dict
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[[email protected] ~]#
尝试次数:5
最少不同字符:3
最小密码长度:8
最少大写字母:1
最少小写字母:1
最少数字:1
密码字典:/usr/share/cracklib/pw_dict
3 修改密码最短位数
[[email protected] ~]#vi /etc/login.defs
……
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN
8
PASS_WARN_AGE 7
……
4 每小时同步用户(管理节点与登录节点独立)
[[email protected] ~]# cat << EOF >> /etc/cron.hourly/sync_user.cron
> clusconf --sync-user
> EOF
[[email protected] ~]#
5 记录历史命令到公共目录
[[email protected] ~]# cat << EOF >> /etc/profile.d/Sugon_history.sh
> export HISTTIMEFORMAT=‘%F %T‘
> export HISTSIZE=10000
> export HISTFILESIZE=10000
> export HISTFILE=/public/sourcecode/Sugon_history_log
> shopt -s histappend
> PROMPT_COMMAND="history -a ;\$PROMPT_COMMAND"
> export HOSTCONTROL=ignoredups
>
> EOF
[[email protected] ~]# source /etc/profile.d/Sugon_history.sh
6 限制普通用户浪费登录节点资源
[[email protected] ~]# cat << EOF >> /etc/security/limits.conf
> @users - rss 16777216 #限制users组每用户使用最大内存为16G
> @users - maxlogins 6 #限制users组单用户最多6并发登录
> @users - nproc 16 #显示users组单用户最多16并发进程
>
> EOF
[[email protected] ~]#