{"id":2991,"date":"2016-11-27T11:43:27","date_gmt":"2016-11-27T03:43:27","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=2991"},"modified":"2016-11-27T11:43:27","modified_gmt":"2016-11-27T03:43:27","slug":"centos-7-%e8%ae%be%e7%bd%ae-step5-%e5%9c%a8-centos-7-%e4%b8%8a%e8%bf%9b%e8%a1%8c%e4%b8%80%e4%ba%9b%e9%ab%98%e7%ba%a7%e8%ae%be%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/2991.html","title":{"rendered":"CentOS 7 \u8bbe\u7f6e-Step5.\u5728 CentOS 7 \u4e0a\u8fdb\u884c\u4e00\u4e9b\u9ad8\u7ea7\u8bbe\u7f6e"},"content":{"rendered":"<p>=Start=<\/p>\n<h4>\u7f18\u7531\uff1a<\/h4>\n<p>\u8bb0\u5f55\u5982\u4f55\u5229\u7528PAM\u4e2d\u7684\u67d0\u4e9b\u6a21\u5757\u505a\u4e00\u4e9b\u989d\u5916\u7684\u5b89\u5168\u8bbe\u7f6e\uff1b\u4e00\u4e9b\u53ef\u80fd\u4f1a\u7528\u5230\u7684\u5b89\u5168\u77e5\u8bc6\u3002<\/p>\n<h4>\u6b63\u6587\uff1a<\/h4>\n<h5 id=\"Step5.\u5728CentOS7\u4e0a\u8fdb\u884c\u4e00\u4e9b\u9ad8\u7ea7\u8bbe\u7f6e-1.\u8bbe\u7f6eLinux\u7cfb\u7edf\u7684\u5bc6\u7801\u5f3a\u5ea6\u7b56\u7565\">1.\u8bbe\u7f6eLinux\u7cfb\u7edf\u7684\u5bc6\u7801\u5f3a\u5ea6\u7b56\u7565<\/h5>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_977050\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\">$ sudo vi \/etc\/pam.d\/system-auth<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"java plain\">password\u00a0\u00a0 requisite\u00a0\u00a0 pam_cracklib.so retry=<\/code><code class=\"java value\">3<\/code>\u00a0<code class=\"java plain\">difok=<\/code><code class=\"java value\">3<\/code>\u00a0<code class=\"java plain\">minlen=<\/code><code class=\"java 
value\">10<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"java plain\">$ sudo vi \/etc\/pam.d\/system-auth<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"java plain\">password\u00a0\u00a0 requisite\u00a0\u00a0 pam_cracklib.so retry=<\/code><code class=\"java value\">3<\/code>\u00a0<code class=\"java plain\">difok=<\/code><code class=\"java value\">3<\/code>\u00a0<code class=\"java plain\">minlen=<\/code><code class=\"java value\">10<\/code>\u00a0<code class=\"java plain\">ucredit=-<\/code><code class=\"java value\">1<\/code>\u00a0<code class=\"java plain\">lcredit=-<\/code><code class=\"java value\">2<\/code>\u00a0<code class=\"java plain\">dcredit=-<\/code><code class=\"java value\">1<\/code>\u00a0<code class=\"java plain\">ocredit=-<\/code><code class=\"java value\">1<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"java plain\">$ sudo vi \/etc\/login.defs<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"java plain\">PASS_MAX_DAYS\u00a0\u00a0\u00a0<\/code><code class=\"java value\">150<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"java plain\">PASS_MIN_DAYS\u00a0\u00a0\u00a0<\/code><code class=\"java value\">0<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"java plain\">PASS_WARN_AGE\u00a0\u00a0\u00a0<\/code><code class=\"java value\">7<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<ul>\n<li><a class=\"external-link\" href=\"http:\/\/xmodulo.com\/set-password-policy-linux.html\" target=\"_blank\" rel=\"nofollow\">http:\/\/xmodulo.com\/set-password-policy-linux.html<\/a><\/li>\n<li><a class=\"external-link\" href=\"http:\/\/unix.stackexchange.com\/questions\/139290\/password-length-and-complexity\" target=\"_blank\" 
rel=\"nofollow\">http:\/\/unix.stackexchange.com\/questions\/139290\/password-length-and-complexity<\/a><\/li>\n<li><a class=\"external-link\" href=\"https:\/\/linux.die.net\/man\/8\/pam_cracklib\" target=\"_blank\" rel=\"nofollow\">https:\/\/linux.die.net\/man\/8\/pam_cracklib<\/a><\/li>\n<li><a class=\"external-link\" href=\"http:\/\/www.computerworld.com\/article\/2726217\/endpoint-protection\/how-to-enforce-password-complexity-on-linux.html\" target=\"_blank\" rel=\"nofollow\">http:\/\/www.computerworld.com\/article\/2726217\/endpoint-protection\/how-to-enforce-password-complexity-on-linux.html<\/a><\/li>\n<\/ul>\n<h5 id=\"Step5.\u5728CentOS7\u4e0a\u8fdb\u884c\u4e00\u4e9b\u9ad8\u7ea7\u8bbe\u7f6e-2.\u8bbe\u7f6eLinux\u7cfb\u7edf\u7684\u5bc6\u7801\u91cd\u7528\u7b56\u7565\">2.\u8bbe\u7f6eLinux\u7cfb\u7edf\u7684\u5bc6\u7801\u91cd\u7528\u7b56\u7565<\/h5>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_230133\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\">Step:<\/code><code class=\"java value\">1<\/code>\u00a0<code class=\"java plain\">\u2013 Linux\u5982\u4f55\u9650\u5236\u5bc6\u7801\u7684\u91cd\u7528\uff1f<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"java spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\"># vim \/etc\/pam.d\/common-auth<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"java spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\">password sufficient pam_unix.so use_authtok md5 shadow remember=<\/code><code class=\"java value\">13<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"java 
spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\">\u6216<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"java spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\">password sufficient pam_unix2.so use_authtok md5 shadow remember=<\/code><code class=\"java value\">13<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"java plain\">Step:<\/code><code class=\"java value\">2<\/code>\u00a0<code class=\"java plain\">\u2013 Linux\u8bbe\u7f6e\u5bc6\u7801\u5468\u671f<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"java spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\"># vi \/etc\/login.defs<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"java spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\">PASS_MIN_DAYS=<\/code><code class=\"java value\">7<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"java plain\">Step:<\/code><code class=\"java value\">3<\/code>\u00a0<code class=\"java plain\">\u2013 Linux\u7684\u5386\u53f2\u5bc6\u7801\u5b58\u5728\u54ea\uff1f<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"java spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"java plain\">\/etc\/security\/opasswd<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<ul>\n<li><a class=\"external-link\" href=\"http:\/\/www.cyberciti.biz\/tips\/how-to-linux-prevent-the-reuse-of-old-passwords.html\" target=\"_blank\" rel=\"nofollow\">http:\/\/www.cyberciti.biz\/tips\/how-to-linux-prevent-the-reuse-of-old-passwords.html<\/a><\/li>\n<\/ul>\n<h5 id=\"Step5.\u5728CentOS7\u4e0a\u8fdb\u884c\u4e00\u4e9b\u9ad8\u7ea7\u8bbe\u7f6e-3.\u4fdd\u6301\/boot\u53ea\u8bfb\">3.\u4fdd\u6301 \/boot 
\u53ea\u8bfb<\/h5>\n<p>Linux\u5185\u6838\u548c\u5b83\u7684\u76f8\u5173\u6587\u4ef6\u90fd\u4fdd\u5b58\u5728\/boot\u76ee\u5f55\u4e0b\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u662f\u53ef\u4ee5\u8bfb\u5199\u7684\u3002\u628a\u5b83\u8bbe\u4e3a\u53ea\u8bfb\u53ef\u4ee5\u51cf\u5c11\u4e00\u4e9b\u7531\u4e8e\u975e\u6cd5\u4fee\u6539\u91cd\u8981boot\u6587\u4ef6\u800c\u5bfc\u81f4\u7684\u98ce\u9669\u3002<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_695267\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\"># vim \/etc\/fstab<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<p>\u5728\u6587\u4ef6\u6700\u540e\u589e\u52a0\u4e0b\u9762\u7684\u884c\uff0c\u7136\u540e\u4fdd\u5b58\uff1a<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_133404\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\">LABEL=\/boot \/boot ext2 defaults,ro\u00a0<\/code><code class=\"java value\">1<\/code>\u00a0<code class=\"java value\">2<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<p>\u5982\u679c\u4f60\u4eca\u540e\u9700\u8981\u5347\u7ea7\u5185\u6838\u7684\u8bdd\uff0c\u4f60\u9700\u8981\u4fee\u6539\u4e3a\u8bfb\u5199\u6a21\u5f0f\uff08ro \u2192\u00a0rw\uff09\u3002\u6ce8\u610f\uff1a\u793a\u4f8b\u4e2d\u7684 LABEL=\/boot \u548c ext2 \u9700\u8981\u4e0e\u672c\u673a \/boot \u5206\u533a\u7684\u5b9e\u9645\u6807\u8bc6\u548c\u6587\u4ef6\u7cfb\u7edf\u7c7b\u578b\u4e00\u81f4\uff08\u53ef\u7528 blkid \u67e5\u770b\uff09\uff0c\u5426\u5219\u7cfb\u7edf\u53ef\u80fd\u65e0\u6cd5\u6b63\u5e38\u6302\u8f7d \/boot\u3002<\/p>\n<h5 
id=\"Step5.\u5728CentOS7\u4e0a\u8fdb\u884c\u4e00\u4e9b\u9ad8\u7ea7\u8bbe\u7f6e-4.SELinux\uff08\u8c28\u614e\u4f7f\u7528\uff09\">4.SELinux\uff08\u8c28\u614e\u4f7f\u7528\uff09<\/h5>\n<p>\u67e5\u770bSELinux\u72b6\u6001\uff1a<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_70233\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\"># sestatus<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<p>\u5982\u679c\u662f\u5173\u95ed\u72b6\u6001\uff0c\u5219\u53ef\u4ee5\u901a\u8fc7\u4e0b\u9762\u7684\u547d\u4ee4\u6253\u5f00\uff08\u6ce8\u610f\uff1asetenforce \u53ea\u80fd\u5728 permissive \u548c enforcing \u4e4b\u95f4\u5207\u6362\uff1b\u5982\u679c sestatus \u663e\u793a disabled\uff0c\u9700\u8981\u5148\u5728 \/etc\/selinux\/config \u4e2d\u8bbe\u7f6e SELINUX=enforcing \u5e76\u91cd\u542f\uff1bsetenforce \u7684\u4fee\u6539\u5728\u91cd\u542f\u540e\u4e5f\u4e0d\u4f1a\u4fdd\u7559\uff09\uff1a<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_982021\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\"># setenforce enforcing<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<h5 id=\"Step5.\u5728CentOS7\u4e0a\u8fdb\u884c\u4e00\u4e9b\u9ad8\u7ea7\u8bbe\u7f6e-5.\u9501\u5b9aCron\u4efb\u52a1\">5.\u9501\u5b9a Cron\u4efb\u52a1<\/h5>\n<p>Cron\u6709\u5b83\u81ea\u5df1\u5185\u5efa\u7684\u7279\u6027\uff0c\u8fd9\u7279\u6027\u5141\u8bb8\u5b9a\u4e49\u54ea\u4e9b\u4eba\u80fd\u54ea\u4e9b\u4eba\u4e0d\u80fd\u8dd1\u4efb\u52a1\u3002\u8fd9\u662f\u901a\u8fc7\u4e24\u4e2a\u6587\u4ef6\/etc\/cron.allow \u548c \/etc\/cron.deny 
\u63a7\u5236\u7684\u3002\u8981\u9501\u5b9a\u5728\u7528Cron\u7684\u7528\u6237\u65f6\u53ef\u4ee5\u7b80\u5355\u7684\u5c06\u5176\u540d\u5b57\u5199\u5230cron.deny\u91cc\uff0c\u800c\u8981\u5141\u8bb8\u7528\u6237\u8dd1cron\u65f6\u5c06\u5176\u540d\u5b57\u52a0\u5230cron.allow\u5373\u53ef\u3002\u5982\u679c\u4f60\u8981\u7981\u6b62\u6240\u6709\u7528\u6237\u4f7f\u7528cron\uff0c\u90a3\u4e48\u53ef\u4ee5\u5c06\u201cALL\u201d\u4f5c\u4e3a\u4e00\u884c\u52a0\u5230cron.deny\u91cc\u3002<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div id=\"highlighter_567841\" class=\"syntaxhighlighter sh-confluence nogutter java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\"># echo ALL &gt;&gt;\/etc\/cron.deny<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= \u7f18\u7531\uff1a \u8bb0\u5f55\u5982\u4f55\u5229\u7528PAM\u4e2d\u7684\u67d0\u4e9b\u6a21\u5757\u505a\u4e00\u4e9b\u989d\u5916\u7684\u5b89\u5168\u8bbe\u7f6e\uff1b\u4e00\u4e9b\u53ef\u80fd\u4f1a\u7528\u5230\u7684\u5b89\u5168\u77e5\u8bc6\u3002 \u6b63\u6587\uff1a 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,25],"tags":[28,30,37],"class_list":["post-2991","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-security","tag-centos","tag-linux","tag-security"],"views":13342,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2991","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=2991"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2991\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=2991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=2991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=2991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}