一、建议定期更改操作系统的用户口令;并保证口令具有一定的复杂度,如:超过8位,由字母、数字和字符构成;
修改/etc/pam.d/common-password,增加蓝色行。
==========================================================
#%PAM-1.0
# This file is autogenerated by pam-config. All changes
# will be overwritten.
# Password-related modules common to all services
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define  the services to be
# used to change user passwords.
#
password        requisite       pam_pwcheck.so  nullok cracklib
password        required        pam_unix2.so    use_authtok nullok
password           required        pam_cracklib.so use_authtok minlen=8 dcredit=-1 ucredit=-1 lcredit=-1
password           required        pam_pwcheck.so remember=5 use_authtok user_first_pass
=========================================================
注:
minlen=N:此选项用来设置新密码的最小长度。
dcredit=N:此选项用来设定新密码中可以包含数字的最大数目。
ucredit=N:此选项用来设定新密码中可以包含的大写字母的最大数目。
lcredit=N:此选项用来设定新密码中可以包含的小写字母的最大数目。