Eric @ EricBess WebHome

Thinking all the time without acting will, before you know it, become meaningless


A client company's SOX audit requirements for Linux accounts, and the solutions worked out by me and Red Hat engineers.

SOX requirements for Linux OS passwords

      1. A unique user ID is required in combination with a password to access the system. 
      2. Automatic password changing after 60 days where technically feasible.  If not technically feasible, a compensating control is in place. 
      3. Password minimum length of 8 characters or maximum length allowed by system when the allowable length is less than 8 characters. 
      4. User IDs/Accounts suspended after 6 invalid logins if technically feasible.  If not technically feasible, a compensating control is in place. 
      5. Accounts inactive for 60 days are disabled if technically possible.  If not technically possible, a compensating control is in place. 
      6. Password history of 12 is enabled which prohibits the reuse of the last 12 passwords 
      7. Following a new user's initial logon to the application, the user is prompted to change password.

From Me

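For 2. Expiry Setting
[root@localhost]# passwd -x 60 -w 10 <username>
(passwd applies aging settings per account; <username> is a placeholder for the account name)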
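A way to check that the 60-day setting above has actually reached every account with a usable password, as an added example that is not part of the original post. The sample shadow entries are constructed, and the function name audit_shadow and the two threshold variables are assumptions taken from requirement 2 and the `-w 10` value on this page.

```shell
#!/bin/sh
# Added example (not from the original post): audit shadow(5)-format lines
# against requirement 2 (60-day maximum age, as set by `passwd -x 60 -w 10`)
# and requirement 1 (a password is required).
# shadow fields: 1=name 2=hash 3=last change 4=min 5=max 6=warn 7=inactive

MAX_DAYS=60    # requirement 2 on the page
WARN_DAYS=10   # the -w value used on the page

# Constructed sample data; the hashes are placeholders, not real ones.
SAMPLE_SHADOW='root:$6$constructed$placeholder:13800:0:60:10:::
alice:$6$constructed$placeholder:13800:0:99999:7:::
bob:$6$constructed$placeholder:13800:0:60:7:::
carol::13800:0:60:10:::
daemon:*:13800:0:99999:7:::
dave:!!:13800:0:99999:7:::'

# Reads shadow-format lines on stdin and prints one line per finding.
audit_shadow() {
    awk -F: -v max="$MAX_DAYS" -v warn="$WARN_DAYS" '
        NF < 6 { next }                       # not a shadow entry
        $2 ~ /^[!*]/ { next }                 # locked or no password login
        $2 == "" { print $1, "empty-password"; next }
        {
            reason = ""
            if ($5 == "" || $5 + 0 > max)
                reason = "max_age=" ($5 == "" ? "unset" : $5)
            if ($6 == "" || $6 + 0 < warn)
                reason = reason (reason != "" ? "," : "") "warn=" ($6 == "" ? "unset" : $6)
            if (reason != "") print $1, reason
        }
    '
}

# Demo on the constructed sample; on a real host, run as root:
#   audit_shadow < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

Accounts that still carry the default maximum age (alice in the sample) are the ones the per-account passwd command has not yet been applied to.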

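For 1. Complexity Setting
Add the following lines to /etc/pam.d/passwd (the pam_cracklib entry is a single line):
password requisite       pam_cracklib.so type="Retype-3-At-least-8-letters-1-capital-1-character" retry=3 minlen=10 ucredit=1 ocredit=1
password required        pam_unix.so use_authtok
Note that positive ucredit and ocredit values count as credit toward minlen; pam_cracklib makes a character class mandatory only when the value is negative.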

Reference Documents
passwd manual
The Linux-PAM System Administrators' Guide
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html#toc6


November 15th, 2007 Posted by eric | Unix/BSD/Linux | no comments