linux 密码安全脚本

#!/bin/bash
＃by:osx1260@163.com
DIESO=/etc/pam.d
PAMSO=$(ls $DIESO/* |awk -F'/' '{print $4}')
NEPAMUN='password    sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5'
for PAMS in $PAMSO;do
    if [[ -n $(cat "$DIESO/$PAMS" | grep "shadow" | awk '{print $1}') ]];then
        PAMUN=''
        PAMUN=$(cat "$DIESO/$PAMS" | grep "shadow" | awk '{print $0}')
        if [[ -n $(echo $PAMUN | grep "remember" | awk '{print $1}') ]];then
                echo "The password remember has been set"
        else
        sed -i "s/$PAMUN/$NEPAMUN/" $DIESO/$PAMS
        fi
    fi

done

#!/bin/sh
#by:osx1260@163.com
DIESO=/etc/pam.d
PAMSO=$(ls $DIESO/* |awk -F'/' '{print $4}')
NEPAMUN='password    sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5'
NEWPASSET='password    requisite    pam_cracklib.so retry=3 difok=3 minlen=8 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1'
#retry=3 密码重试次数为3次
#difok=3 允许新密码中有3个字符与旧密码相同
#minlen=8 密码最小长度为8 注意：对root用户无效，root下设置其他用户此参数也无效，用户自己修改自己的密码时才有效
#ucredit=-1 密码中必须包含一个大写字母
#lcredit=-2 密码中必须包含最少两个小写字母
#dcredit=-1 密码中必须包含一个数字
#ocredit=-1 密码中最少必须包含一个标点符号
[ -f /lib/security/pam_cracklib.so ] && echo "start config pam_cracklib.so"
for PAMS in $PAMSO;do
    if [[ -n $(cat "$DIESO/$PAMS" | grep pam_cracklib | awk '{print $1}') ]];then
    PASSET=''
    PASSET=$(cat "$DIESO/$PAMS" | grep "pam_cracklib.so" | awk '{print $0}')
    if [[ -n $( echo $PASSET | grep "difok" | awk '{print $1}') ]];then
        echo "The password complexity rule has been set "
    else
        sed -i "s/${PASSET}/${NEWPASSET}/" $DIESO/$PAMS    
    fi
    fi
    
    
done

限制ｔｔｙ

#!/bin/sh
for t in $(cat /etc/securetty | grep "^tty" | grep -v "tty[1,2]$");
do    
    T=''
    T=$t
    sed -i "s/$T/#$T/" /etc/securetty
done