I. account security control
User account is a computer user's credentials or identification, everyone to access system resources, by virtue of its use must
enter the computer user account to. In the Linux system, it provides a variety of mechanisms to ensure that the legitimate user account, the security
used.
1. System account cleanup ****
hattr + i / etc / passwd / etc / shadow
lock the user with the password filelsattr / etc / passwd / etc / shadow
Viewing File Statuschattr -i / etc / passwd / etc / shadow
unlock the user with the password file
2. Password security control
In an insecure network environment in order to reduce the risk of passwords to guess or brute force, the user should develop the habit of regularly change passwords, avoid long-term use of the same password. The administrator can restrict the user's password on the server side of the maximum number of days for the user's password has expired, login will be required to reset the password, or they will refuse to log on.
/etc/login.defs vim
PASS_MAX_DAYS 30
is valid only for new users
chage -M 30 wangwu
apply existing user
chage -d 0 username
next logon to change the password
, but it must be a non-continuous Arabic numerals and letters
more than eight, or unable to change the password
3. The command history is automatically logged out
vim / etc / profile system environment variable configuration file
source / etc / profile so that your configuration file to take effect
vim / etc / profile configuration file system environment variables
Export TMOUT = 15
Source / etc / profile Profile allows you to take effect