HPC cluster open to the public network: security hardening and resource display
1. Force a password change at next logon
[root@node24 ~]# cat /etc/passwd | tail -31 | awk -F ":" '{print $1}' > user
[root@node24 ~]# for i in $(cat user); do chage -d 0 "$i"; done
2. Set password complexity
[root@node24 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
#password requisite pam_cracklib.so try_first_pass retry=3 type=
password requisite pam_cracklib.so try_first_pass retry=5 difok=3 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 dictpath=/usr/share/cracklib/pw_dict
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@node24 ~]#
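Number of attempts (retry): 5
Minimum number of characters that must differ from the old password (difok): 3
Minimum password length (minlen): 8
Minimum uppercase letters (ucredit=-1): 1
Minimum lowercase letters (lcredit=-1): 1
Minimum digits (dcredit=-1): 1
Password dictionary (dictpath): /usr/share/cracklib/pw_dict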
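To confirm that a node actually carries this policy, the following added example (not part of the original article) parses a system-auth file and reports every pam_cracklib option that is weaker than the values above. The helper names cracklib_opt, meets and check_cracklib_policy are hypothetical, and the sample file is constructed.

```shell
# Added example, not from the original page. Helper names are hypothetical;
# the thresholds are the values this page sets in step 2.

# Print the value of option KEY on the active (uncommented) pam_cracklib line.
cracklib_opt() {    # usage: cracklib_opt FILE KEY
    awk -v key="$2" '
        $1 == "password" && /pam_cracklib\.so/ {
            for (i = 2; i <= NF; i++) {
                n = index($i, "=")
                if (n && substr($i, 1, n - 1) == key) { print substr($i, n + 1); exit }
            }
        }' "$1"
}

# Succeed only if VALUE is an integer and "VALUE OP LIMIT" holds (OP: -ge or -le).
meets() {           # usage: meets VALUE OP LIMIT
    case $1 in ''|-|*[!0-9-]*|?*-*) return 1 ;; esac
    [ "$1" "$2" "$3" ]
}

# Return 0 if FILE enforces at least the page's policy; otherwise list each gap.
check_cracklib_policy() {    # usage: check_cracklib_policy FILE
    rc=0
    # spec = option:operator:limit. A credit of -1 means "at least one
    # character of this class is required"; 0 or a positive value does not.
    for spec in difok:-ge:3 minlen:-ge:8 ucredit:-le:-1 lcredit:-le:-1 dcredit:-le:-1; do
        key=${spec%%:*}; rest=${spec#*:}; op=${rest%%:*}; limit=${rest#*:}
        have=$(cracklib_opt "$1" "$key")
        if ! meets "$have" "$op" "$limit"; then
            echo "WEAK: $key=${have:-unset} (policy: $op $limit)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: the commented stock line and the hardened line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#password requisite pam_cracklib.so try_first_pass retry=3 type=
password requisite pam_cracklib.so try_first_pass retry=5 difok=3 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 dictpath=/usr/share/cracklib/pw_dict
EOF
check_cracklib_policy "$sample" && echo "policy OK: $sample"
rm -f "$sample"
```

On a real node, run check_cracklib_policy /etc/pam.d/system-auth after any authconfig run, since the file header warns that authconfig overwrites manual changes.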
3. Set the minimum password length for password changes
[root@node24 ~]# vi /etc/login.defs
......
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 8
PASS_WARN_AGE 7
......
4. Synchronize users hourly (the management node is separate from the login node)
[root@node24 ~]# cat << EOF > /etc/cron.hourly/sync_user.cron
> clusconf --sync-user
> EOF
[root@node24 ~]# chmod +x /etc/cron.hourly/sync_user.cron
5. Record command history to a public directory
[root@node24 ~]# cat << EOF > /etc/profile.d/Sugon_history.sh
> export HISTTIMEFORMAT='%F %T '
> export HISTSIZE=10000
> export HISTFILESIZE=10000
> export HISTFILE=/public/sourcecode/Sugon_history_log
> shopt -s histappend
> PROMPT_COMMAND="history -a; \$PROMPT_COMMAND"
> export HISTCONTROL=ignoredups
>
> EOF
[root@node24 ~]# source /etc/profile.d/Sugon_history.sh
6. Restrict normal users from wasting login node resources
[root@node24 ~]# cat << EOF > /etc/security/limits.conf
> @users - rss 16777216 # limit the maximum memory usage of each user in the users group to 16 GB
> @users - maxlogins 6 # limit each user in the users group to at most 6 concurrent logins
> @users - nproc 16 # limit each user in the users group to at most 16 concurrent processes
>
> EOF
[root@node24 ~]#