Tech Tips

Keeping a Ubuntu server secure from assaults and data leaks requires implementing a robust password policy. Enforcing a minimum length and specifying password age are two best practices for password regulations. To complete these operations, I use the libpam-cracklib software.

Install the libpam-cracklib package:

sudo apt-get install libpam-cracklib

To enforce password length:

Go to the /etc/pam.d/common-password file and open it.

Modify the minlen=12 line to change the minimum character length of all passwords to whatever number of characters you wish.

To avoid password re-use, follow these steps:

Add the remember=x line to the same file (/etc/pam.d/common-password).

For instance, use remember=5 to prevent a user from reusing one of their past five passwords.To enforce password age:

In the /etc/login.defs file, find and replace the following lines with your selected amount of time (days). Consider the following scenario:

PASS_MIN_AGE: 3
PASS_MAX_AGE: 90
PASS_WARN_AGE: 14

To enforce character specifications:

The four parameters lcredit (lowercase), ucredit (uppercase), dcredit (digit), and ocredit (uppercase) are used to enforce character specifications in passwords (other characters).

Find the line containing pam cracklib.so in the same file (/etc/pam.d/common-password).

To the end of this line, add the following:

lcredit=-a ucredit=-b dcredit=-c ocredit=-d

The following line, for example, demands that passwords have one of each parameter. You can alter the numbers to achieve the level of password security you desire:

lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1

At Velan, our server support engineers can harden & manage your Linux, Ubuntu server. If you are interested in our service, please fill the Quick connect form to get in touch with us.