HPC cluster public network open security reinforcement and resource display

HPC cluster public network open security reinforcement and resource display

HPC cluster public network open security reinforcement and resource display:

1. Force password change upon Logon

[Root @ node24 ~] # Cat/etc/passwd | tail-31 | awk-F ":" '{print $1}'> user

[Root @ node24 ~] # For I in 'cat user'; do chage-d 0 $ I; done

 

2. Set Password Complexity

[Root @ node24 ~] # Cat/etc/pam. d/system-auth

# % PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

Auth required pam_env.so

Auth sufficient pam_fprintd.so

Auth sufficient pam_unix.so nullok try_first_pass

Auth requisite pam_succeed_if.so uid >=500 quiet

Auth required pam_deny.so

 

Account required pam_unix.so

Account sufficient pam_localuser.so

Account sufficient pam_succeed_if.so uid <500 quiet

Account required pam_permit.so

 

# Password requisite pam_cracklib.so try_first_pass retry = 3 type =

Password requisite pam_cracklib.so try_first_pass retry = 5 difok = 3 minlen = 8 ucredit =-1 lcredit =-1 dcredit =-1 dictpath =/usr/share/cracklib/pw_dict

Password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok

Password required pam_deny.so

 

Session optional pam_keyinit.so revoke

Session required pam_limits.so

Session [success = 1 default = ignore] pam_succeed_if.so service in crond quiet use_uid

Session required pam_unix.so

[Root @ node24 ~] #

 

Number of attempts: 5

Minimum number of different characters: 3

Minimum Password Length: 8

Minimum capital letters: 1

Minimum lowercase letters: 1

Minimum Number: 1

Password dictionary:/usr/share/cracklib/pw_dict

 

3. Minimum number of digits for password Modification

[Root @ node24 ~] # Vi/etc/login. defs

......

PASS_MAX_DAYS 99999

PASS_MIN_DAYS 0

PASS_MIN_LEN 8

PASS_WARN_AGE 7

......

 

4. Synchronize users hourly (the management node is independent of the logon node)

[Root @ node24 ~] # Cat <EOF>/etc/cron. hourly/sync_user.cron

> Clusconf -- sync-user

> EOF

[Root @ node24 ~] #

 

5. Record History commands to public directories

[Root @ node24 ~] # Cat <EOF>/etc/profile. d/Sugon_history.sh

> Export HISTTIMEFORMAT = '% F % t'

> Export HISTSIZE = 10000

> Export HISTFILESIZE = 10000

> Export HISTFILE =/public/sourcecode/Sugon_history_log

> Shopt-s histappend

> PROMPT_COMMAND = "history-a; \ $ PROMPT_COMMAND"

> Export HOSTCONTROL = ignoredups

>

> EOF

[Root @ node24 ~] # Source/etc/profile. d/Sugon_history.sh

 

6 restrict normal users from wasting login node resources

[Root @ node24 ~] # Cat <EOF>/etc/security/limits. conf

> @ Users-rss 16777216 # limits the maximum memory usage of each user in the users Group to 16 GB.

> @ Users-maxlogins 6 # limit a maximum of 6 concurrent users in a single user group

> @ Users-nproc 16 # displays a maximum of 16 concurrent processes for a single user in the users Group

>

> EOF

[Root @ node24 ~] #

This article permanently updates the link address: