Account security hardening on Linux causes crontab -l to fail

Source: Internet
Author: User
Tags: account security, file permissions

First, the failure symptom

A database user reported that running crontab -l as the oracle user did not produce the normal output and instead returned these errors: "Authentication token is no longer valid; new one required" and "You (oracle) are not allowed to access to (crontab) because of pam configuration." Other users could run the command normally.

Second, troubleshooting and resolution

Because the error mentions the PAM configuration, the first step was to compare /etc/pam.d/crond with the same file on a healthy host; no difference was found. On reflection, PAM configuration normally applies to all users and is rarely targeted at an individual user. So the next things to check were whether the cron file permissions had changed, whether the account was locked, or whether the password had expired.

Checking the /var/spool/cron/oracle file showed no permission problem. Working through the remaining items one by one, the problem turned up in the output of chage -l:

[root@irora11 cron]# chage -l oracle
Last password change                                    : Mar 14, 2016
Password expires                                        : Jun 12, 2016
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7

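The output shows that the oracle user's password has passed its expiry date. crontab runs a PAM account check, which rejects an account whose password has expired; that is why the error points at the PAM configuration. The fix is either to set the password to never expire or to change the oracle user's password. To confirm the diagnosis, the password was set to never expire, which resolved the problem: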

[root@irora11 ~]# chage -M 99999 oracle
[root@irora11 ~]# su - oracle
[oracle@irora11 ~]$ crontab -l
0 3,7,11,15,19,23 * * * /home/oracle/rman_archive_delete.sh
0 2 * * * /home/oracle/clean_audit_file.sh
00,20,40 * * * * cd ${HOME}/hwalarm;./crontabalarm.sh
* * * * * cd $HOME/kpiconsole/monitor/agent/shell;./monitor_kpi.sh >/dev/null 2>&1
*/30 * * * * sh /home/oracle/hwscript/diskywdb/diskcheck.sh >/dev/null 2>&1
0 2 * * * /home/oracle/clean_trace_file.sh
0 2,4,6,8,10,12,14,16,18,20,22,23 * * * /home/oracle/rman_archive_delete_new.sh
8-22/1 * * * /home/oracle/execute_alarm_recharge.sh >/dev/null 2>&1
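
The check that found this fault can be run ahead of time for every account that owns a crontab. The script below is an added example, not part of the original article: it applies the shadow(5) ageing fields to each crontab owner, and the function names, the grid user and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Flags crontab owners whose
# password ageing would make the PAM account check reject "crontab -l".
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire
# (lastchg is counted in days since 1970-01-01).

# password_state SHADOW_LINE TODAY_DAYS -> prints expired | warning | ok
password_state() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        lastchg = $3; max = $5; warn = ($6 == "" ? 0 : $6)
        if (lastchg == "") { print "ok"; exit }       # ageing disabled
        if (lastchg == 0)  { print "expired"; exit }  # change forced at next login
        if (max == "")     { print "ok"; exit }       # no maximum age set
        age = today - lastchg
        if (age > max)             print "expired"
        else if (age > max - warn) print "warning"
        else                       print "ok"
    }'
}

# audit_cron_users SPOOL_DIR SHADOW_FILE [TODAY_DAYS]
# Prints "user state" for every crontab owner whose password is not ok.
audit_cron_users() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        line=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$2")
        [ -n "$line" ] || continue
        state=$(password_state "$line" "$today")
        [ "$state" = ok ] || printf '%s %s\n' "$user" "$state"
    done
}

# Demo on constructed data: the oracle line matches the chage -l output above
# (last change Mar 14, 2016 = day 16874, maximum age 90 days).
demo() {
    d=$(mktemp -d) && mkdir "$d/cron" || return 1
    : > "$d/cron/oracle"; : > "$d/cron/grid"
    printf '%s\n' 'oracle:!constructed:16874:0:90:7:::' \
                  'grid:!constructed:16874:0:99999:7:::' > "$d/shadow"
    audit_cron_users "$d/cron" "$d/shadow" 16965   # the day after Jun 12, 2016
    rm -rf "$d"
}
demo
```

On a real host, run `audit_cron_users /var/spool/cron /etc/shadow` as root, since /etc/shadow is not readable by ordinary users.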

Third, summary

Security hardening is a double-edged sword: on the one hand it does strengthen the security of the host, on the other it can easily cause problems on the live network. So far, hardening on the live network has led to issues such as having to authenticate three or four times when changing a password, SSH login anomalies, ulimit changes not taking effect, and many others. It is therefore all the more necessary for the security department to carry out the corresponding testing when hardening.
