世界500强企业的主机系统安全配置标准

(Number of repeating consecutive characters) 2

minage 密码有效期限的最少周数

(Minimum number of weeks that must pass before a password can be changed) 0

minalpha 最少字母数

(Minimum number of alphabetic characters) 1

mindiff 与前一次密码的最少不同字符数

(Number of characters not found in last password) 1

minother 最少的非字母数

(Number of non-alphabetic characters) 1

minlen 密码最小长度

(Minimum password length) 8

histsize 禁止重复使用密码次数

(Number of previous password that can not be used) 2

flags=NOCHECK 参数在/etc/security/passwd。

(Option in /etc/security/passwd) 不允许任何需要密码的用户帐号设置NOCHECK。

Redhat Linux系统的具体要求如下：相关配置文件/etc/login.defs。

系统值/参数 描述 设置要求

PASS_MAX_DAYS 密码有效期限的最大天数

(Maximum number of days that can pass before a password must be changed.) 91

PASS_MIN_DAYS 密码有效期限的最少天数

(Minimum number of days that must pass before a password can be changed) 0

PASS_MIN_LEN 密码最小长度

(Minimum password length) 8

PASS_WARN_AGE 在密码过期前的显示警告信息

(Number of weeks show warning message before the password expired.) 14 N/A 禁止重复使用密码次数

(Number of previous password that can not be used)

在/etc/pam.d/system-auth，/etc/pam.d/passwd和/etc/pam.d/login，添加如下定义

password required /lib/security/pam_unix.so nullok remember=4 use_authtok md5 shadow

或

password sufficient /lib/security/pam_unix.so nullok remember=4 use_authtok