Passwor Policy Implementation @@@@@@@@@@@@@@@@@@@@@@@@ 1. Create a backup @@@@@@@@@@@@@@@@@@@@@@@@ Change directory to /etc/pam.d/ $ cd /etc/pam.d/ Use ll command to list $ ll Backup common-password file using cp command $ sudo cp common-password common-password.backup @@@@@@@@@@@@@@@@@@@@ 2. Password Length @@@@@@@@@@@@@@@@@@@@ Use your favorite editor to edit the common-password file $ sudo vim common-password Locate the line starting with success and add minlen=7 at the end of the line Save and exit file @@@@@@@@@@@@@@@@@@@@@@@ 3. Password Complexity @@@@@@@@@@@@@@@@@@@@@@@ Install the libpam-pwquality package $ sudo apt-get install libpam-pwquality Open and edit the common-password file $ sudo vim common-password You may add the following complexities password requisite pam_pwquality.so retry=3 Ucredit=-1 password requisite pam_pwquality.so retry=3 Dcredit=-1 password requisite pam_pwquality.so retry=3 Ocredit=-1 Ucredit=-1 for uppercase Dcredit=-1 for lowercase Ocredit=-1 for special character Save and Exit file @@@@@@@@@@@@@@@@@@@@@@@@ 4. Password Expiration @@@@@@@@@@@@@@@@@@@@@@@@ $ cd /etc Create a backup using the cp command $ sudo cp login.defs login.defs.backup Edit the login.defs file $ sudo vim login.defs Search for the PASS_MAX_DAYS and change it to your prefered time/number of days. Save and exit file. @@@@@@@@@@@@@@@@@@@@@@@@@@@@ 5. Verify the set policies @@@@@@@@@@@@@@@@@@@@@@@@@@@@ Users are located in the directory /etc/passwd Add user $ sudo adduser test Check if the user was added $ cat /etc/passwd To check password policies for each user, run the command $ sudo chage -l test To effect changes on exixting users we use sudo chage –expiredate (date –d +90days +%y-%m-%d) $ sudo chage -d 2024-03-03 test $ sudo chage -E 12/04/2024 -M 90 -W 7 test To revert the expiry policy for each user $ sudo chage -E -1 test