1. Check the system password length and strength
View the system password length
PASS_MIN_LEN=8 # set the minimum user password length to 8; the bigger the better.
View the system password strength
cat /etc/pam.d/system-auth
password required /lib/security/ retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
The policy above uses pam_cracklib.so: when a user changes their password, the new password must be at least 9 characters long and must contain at least one uppercase letter, one lowercase letter, one digit and one special symbol.
2. System password anti-cracking lockout time check
cat /etc/pam.d/system-auth
Under the first line (#%PAM-1.0), add the following:
auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200
Explanation of each parameter:
even_deny_root: also restricts the root user;
deny: sets the maximum number of consecutive failed logins for regular users and the root user; a user who exceeds this maximum is locked;
unlock_time: sets how long after a regular user is locked the account is unlocked, in seconds;
root_unlock_time: sets how long after the root user is locked the account is unlocked, in seconds.
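The checks from sections 1 and 2, as an added shell example that is not part of the original article: it reads a PAM file and compares the pam_cracklib.so and pam_tally2.so options with the values shown above. The function names, the two constructed sample files and the choice to treat the page's values as minimum strictness are assumptions.

```shell
# pam_opt FILE MODULE KEY: KEY's value on active lines naming MODULE ("yes" for a bare flag, empty if absent).
pam_opt() {
    awk -v mod="$2" -v key="$3" '
        /^[[:space:]]*#/ { next }    # commented-out rules do not count
        index($0, mod) {
            for (i = 1; i <= NF; i++) {
                if ($i == key) { print "yes"; exit }
                if (index($i, key "=") == 1) { print substr($i, length(key) + 2); exit }
            }
        }' "$1"
}
# need FILE MODULE KEY OP LIMIT (OP is -ge or -le); unset or non-numeric fails.
need() {
    v=$(pam_opt "$1" "$2" "$3")
    if [ -n "$v" ] && [ "$v" "$4" "$5" ] 2>/dev/null; then
        echo "[*] $2 $3=$v"
    else
        echo "[X] $2 $3=${v:-unset} (want $4 $5)"; fails=$((fails + 1))
    fi
}
# audit_pam FILE: return status is the number of failed checks (limits are this example's assumption).
audit_pam() {
    fails=0
    need "$1" pam_cracklib.so minlen -ge 9
    for c in dcredit ucredit lcredit ocredit; do need "$1" pam_cracklib.so "$c" -le -1; done
    need "$1" pam_tally2.so deny -le 3
    need "$1" pam_tally2.so unlock_time -ge 600
    need "$1" pam_tally2.so root_unlock_time -ge 1200
    [ "$(pam_opt "$1" pam_tally2.so even_deny_root)" = yes ] || { echo "[X] even_deny_root unset"; fails=$((fails + 1)); }
    return "$fails"
}
# Constructed samples: "good" uses this page's option values, "weak" does not.
make_samples() {
    good=$(mktemp); weak=$(mktemp)
    cat > "$good" <<'EOF'
#%PAM-1.0
auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200
password required pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
EOF
    cat > "$weak" <<'EOF'
# auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root
auth required pam_tally2.so deny=10 root_unlock_time=1200
password required pam_cracklib.so retry=3 minlen=6 dcredit=-1 ucredit=1
EOF
}
make_samples
audit_pam "$good" && echo "good: all checks passed"
audit_pam "$weak" || echo "weak: $? failed checks"
rm -f "$good" "$weak"
```

On a real host the same function can be pointed at the file from the steps above: `audit_pam /etc/pam.d/system-auth`.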
3. System file permission check
4. System user default access permissions
cat /etc/login.defs  # check whether UMASK is 077
5. Check whether logging is turned on
cat /var/log/messages
cat /var/log/secure
6. View startup entries
# Look for rc.local anywhere on the filesystem and list every copy found
rc_local=`find / -name rc.local`
if [ -n "$rc_local" ]
then
find / -name rc.local | while read rc_filename
do
echo '[*]filename: '"$rc_filename"
done
else
echo '[X]find rc_local not Exists'
fi
7. View scheduled tasks
8. View logged-in users
'{print $}' | sort | uniq
9. View users who successfully signed in
if [ -f /var/log/secure ]
then
'{print $ ' "$ $" "$ $ " "$11}'
else
echo '[x]/var/log/secure File not found'
fi
- This article is from: Linux Tutorial Network
Linux Security Configuration Check items