Friday, January 29, 2010

Enhancing Linux & Solaris Security

Password lockout after 3 failed Login attempts


Follow this process:


# create the log file used for faillog reporting
touch /var/log/faillog

# allow only root to read the faillog file
chown root:root /var/log/faillog

# set the permissions
chmod 600 /var/log/faillog

Make the changes to the following file:
/etc/pam.d/system-auth


Accounts are locked out after 3 failed login attempts. Twice an hour, the failed login counter is reset. The failed login counter is also reset with each successful authentication.


auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root

account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset




Password Length and Complexity




Require a minimum password length of 10 characters, with at least 1 lowercase character, 1 uppercase character, and 1 digit.


Make changes to the following file, /etc/pam.d/system-auth:



password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0

Note that pam_cracklib treats a positive credit value as a length credit granted for that character class, not as a requirement; a negative value requires at least that many characters of the class, which is what the policy above asks for. With ocredit=0 no credit is given for other characters, so minlen=10 means ten actual characters.




Password History

To prevent reuse of old passwords, create the history file:



touch /etc/security/opasswd

chown root:root /etc/security/opasswd

chmod 600 /etc/security/opasswd




Make changes to the following file, /etc/pam.d/system-auth:



password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12

Note that nullok lets accounts with an empty password field authenticate; drop it unless empty passwords are explicitly wanted.
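As an added example (not from the original post), a small POSIX shell audit that checks a Linux /etc/pam.d/system-auth file against the three settings above: lockout after at most 3 failures, a 10-character minimum with each required class enforced by a negative credit, and a 12-password history. The function names are hypothetical; it reads the file given as its argument, so it can be run against a copy of the file as well as the live one.

```shell
#!/bin/sh
# Hypothetical helper, not part of the original post.
# Usage: audit_pam_auth /etc/pam.d/system-auth

# get_opt FILE MODULE OPTION -> prints OPTION's value from the first
# non-comment line that loads MODULE and carries OPTION; prints nothing
# if the option is absent. Fields 1-3 are type, control and module path.
get_opt() {
    awk -v mod="$2" -v opt="$3" '
        $0 !~ /^[ \t]*#/ && index($0, mod) {
            for (i = 4; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == opt) { print kv[2]; exit }
            }
        }' "$1"
}

# audit_pam_auth FILE -> prints one line per finding and returns the
# number of findings (0 means the file matches the policy).
audit_pam_auth() {
    f="$1"; fails=0
    deny=$(get_opt "$f" pam_tally deny)
    if [ -z "$deny" ] || [ "$deny" -gt 3 ]; then
        echo "FAIL pam_tally deny must be <= 3 (got '${deny:-unset}')"
        fails=$((fails+1))
    fi
    minlen=$(get_opt "$f" pam_cracklib minlen)
    if [ -z "$minlen" ] || [ "$minlen" -lt 10 ]; then
        echo "FAIL pam_cracklib minlen must be >= 10 (got '${minlen:-unset}')"
        fails=$((fails+1))
    fi
    # A negative credit requires at least N characters of the class;
    # a positive credit only shortens the effective minimum length.
    for c in lcredit ucredit dcredit; do
        v=$(get_opt "$f" pam_cracklib "$c")
        if [ -z "$v" ] || [ "$v" -ge 0 ]; then
            echo "FAIL pam_cracklib $c must be negative (got '${v:-unset}')"
            fails=$((fails+1))
        fi
    done
    remember=$(get_opt "$f" pam_unix remember)
    if [ -z "$remember" ] || [ "$remember" -lt 12 ]; then
        echo "FAIL pam_unix remember must be >= 12 (got '${remember:-unset}')"
        fails=$((fails+1))
    fi
    return "$fails"
}
```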


--------------------------------------------------------------------------------
Solaris 5.8 Settings


Password History



/etc/pam.conf



other password requisite pam_history.so.1 history=24 func=$1$


Account Lockout

/etc/pam.conf



login auth required pam_login_limit.so.1 count_limit=5 timeout_account=1800

other auth required pam_login_limit.so.1 count_limit=5 timeout_account=1800

other account required pam_login_limit.so.1 count_limit=5 timeout_account=1800


Password Length and Complexity


/etc/default/passwd


NAMECHECK=NO
HISTORY=5
MINDIFF=3
MINALPHA=2
MINNONALPHA=1
MINUPPER=0
MINLOWER=0
MAXREPEATS=0
MINSPECIAL=0
MINDIGIT=0
