密码加固
PASS_MAX_DAYS=`grep -e ^PASS_MAX_DAYS /etc/login.defs |awk '{print $2}'`
if [ $PASS_MAX_DAYS -gt 90 ];then
echo "密码最长保留期限为:$PASS_MAX_DAYS, 更改为90天"
sed -i "/^PASS_MAX_DAYS/d" /etc/login.defs
echo "PASS_MAX_DAYS 90" >> /etc/login.defs
fi
PASS_MIN_DAYS=`grep -e ^PASS_MIN_DAYS /etc/login.defs |awk '{print $2}'`
if [ $PASS_MIN_DAYS -ne 1 ];then
echo "密码最段保留期限为:$PASS_MIN_DAYS, 更改为1天"
sed -i "/^PASS_MIN_DAYS/d" /etc/login.defs
echo "PASS_MIN_DAYS 1" >> /etc/login.defs
fi
PASS_MIN_LEN=`grep -e ^PASS_MIN_LEN /etc/login.defs |awk '{print $2}'`
if [ $PASS_MIN_LEN -lt 8 ];then
echo "密码最少字符为:$PASS_MIN_LEN, 更改为8"
sed -i "/^PASS_MIN_LEN/d" /etc/login.defs
echo "PASS_MIN_LEN 8" >> /etc/login.defs
fi
PASS_WARN_AGE=`grep -e ^PASS_WARN_AGE /etc/login.defs |awk '{print $2}'`
if [ $PASS_WARN_AGE -ne 7 ];then
echo "密码到期前$PASS_MIN_LEN天提醒, 更改为7"
sed -i "/^PASS_WARN_AGE/d" /etc/login.defs
echo "PASS_WARN_AGE 7" >> /etc/login.defs
fi