Creating a Password Policy in Linux

Hello again! Classes in the new "Linux Administrator" course group start tomorrow, and to mark the occasion we are publishing a useful article on the topic.

In the previous tutorial we showed how to use pam_cracklib to make passwords more complex on Red Hat 6 or CentOS systems. In Red Hat 7, pam_pwquality replaced cracklib as the default pam module for checking passwords. The pam_pwquality module is also supported on Ubuntu and CentOS, as well as many other operating systems. This module makes it easy to create password policies that ensure users follow your password strength standards.

For a long time, the common approach to passwords was to force the user to use uppercase letters, lowercase letters, digits, or other symbols. These basic password complexity rules have been heavily promoted over the last ten years. There has been a lot of discussion about whether this is good practice or not. The main argument against setting such complex conditions was that users write their passwords down on paper and store them insecurely.

Another policy that has recently been called into question forces users to change their passwords every x days. There have been studies showing that this also harms security.

Many articles have been written on these debates, arguing for one point of view or the other. But that is not what we will discuss here. This article explains how to set password complexity correctly, rather than how to manage security policy.

Password Policy Settings

Below you will see the password policy options and a brief description of each. Many of them are similar to the parameters of the cracklib module. This makes it easier to port your policies from the old system.

  • difok - The number of characters in your new password that must NOT be present in your old password. (Default 5)
  • minlen - Minimum password length. (Default 9)
  • ucredit - Maximum credit for using uppercase characters (if the parameter is > 0), or the minimum required number of uppercase characters (if the parameter is < 0). Default is 1.
  • lcredit - Maximum credit for using lowercase characters (if the parameter is > 0), or the minimum required number of lowercase characters (if the parameter is < 0). Default is 1.
  • dcredit - Maximum credit for using digits (if the parameter is > 0), or the minimum required number of digits (if the parameter is < 0). Default is 1.
  • ocredit - Maximum credit for using other characters (if the parameter is > 0), or the minimum required number of other characters (if the parameter is < 0). Default is 1.
  • minclass - Sets the number of required classes. The classes are the ones listed above (uppercase characters, lowercase characters, digits, other characters). Default is 0.
  • maxrepeat - The maximum number of times a character can be repeated in a password. Default is 0.
  • maxclassrepeat - The maximum number of consecutive characters of one class. Default is 0.
  • gecoscheck - Checks whether the password contains any words from the user's GECOS strings (user information such as real name, location, and so on). Default is 0 (off).
  • dictpath - Path to the cracklib dictionaries.
  • badwords - Space-separated words that are forbidden in passwords (company name, the word "password", etc.).

If the concept of credits sounds strange, that's fine, it's normal. We will discuss it in more detail in the following sections.

Password Policy Configuration

Before you start editing configuration files, it is good practice to write down the password policy in advance. As an example, we will use the following complexity rules:

  • The password must have a minimum length of 15 characters.
  • The same character must not be repeated more than twice in the password.
  • Character classes can be repeated up to four times in the password.
  • The password must contain characters from every class.
  • The new password must have 5 new characters compared to the old one.
  • Enable the GECOS check.
  • Forbid the words "password, pass, word, putorius"

Now that we have laid out the policy, we can edit the file /etc/security/pwquality.conf to add the password requirements. Below is an example file with comments to make it easier to understand.

# Make sure 5 characters in new password are new compared to old password
difok = 5
# Set the minimum length acceptable for new passwords
minlen = 15
# Require at least 2 digits
dcredit = -2
# Require at least 2 upper case letters
ucredit = -2
# Require at least 2 lower case letters
lcredit = -2
# Require at least 2 special characters (non-alphanumeric)
ocredit = -2
# Require a character from every class (upper, lower, digit, other)
minclass = 4
# Only allow each character to be repeated twice, avoid things like LLL
maxrepeat = 2
# Only allow a class to be repeated 4 times
maxclassrepeat = 4
# Check user information (Real name, etc) to ensure it is not used in password
gecoscheck = 1
# Leave default dictionary path
dictpath =
# Forbid the following words in passwords
badwords = password pass word putorius

As you may have noticed, some of the parameters in our file are redundant. For example, the minclass parameter is redundant because we already require at least two characters from each class using the [u,l,d,o]credit fields. Our list of words that cannot be used is also redundant, since we have restricted repeating any class to 4 times (all the words in our list are written in lowercase). I included these parameters only to demonstrate how to use them when configuring your password policy.
Once you have created your policy, you can force users to change their passwords the next time they log in to the system.
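
To see which of the policy's rules actually rejects a given candidate (useful when judging whether a parameter is redundant), here is an added example that is not part of the original article or of libpwquality. It is a simplified model of maxrepeat, maxclassrepeat and badwords using the values from the file above; the function names, the case-insensitive substring match for badwords, and the sample passwords are assumptions made for illustration.

```python
# Simplified model of three pwquality.conf rules (added example, not
# libpwquality source): maxrepeat, maxclassrepeat and badwords.
import string

CLASSES = (("digit", string.digits), ("upper", string.ascii_uppercase),
           ("lower", string.ascii_lowercase))

def char_class(ch):
    """Map a character to its class; anything unmatched is 'other'."""
    for name, chars in CLASSES:
        if ch in chars:
            return name
    return "other"

def longest_run(items):
    """Length of the longest run of equal consecutive items."""
    best = run = 0
    prev = object()  # sentinel that equals nothing
    for item in items:
        run = run + 1 if item == prev else 1
        best = max(best, run)
        prev = item
    return best

def violations(password, maxrepeat=2, maxclassrepeat=4,
               badwords=("password", "pass", "word", "putorius")):
    """Return the names of the rules the password breaks (0 disables a rule)."""
    broken = []
    # More than maxrepeat identical characters in a row, e.g. "eee".
    if maxrepeat and longest_run(password) > maxrepeat:
        broken.append("maxrepeat")
    # More than maxclassrepeat characters of one class in a row.
    if maxclassrepeat and longest_run(map(char_class, password)) > maxclassrepeat:
        broken.append("maxclassrepeat")
    # Assumption of this model: case-insensitive substring match.
    lowered = password.lower()
    if any(word in lowered for word in badwords):
        broken.append("badwords")
    return broken

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    for pw in ("Pu7!password#Xk", "Gr33n!Treee$Rd",
               "Xy7!pass9#Qk2$", "Qw7!Zx9#Lm2$Rt5"):
        print(f"{pw:18} {violations(pw) or 'ok'}")
```

A run of exactly four lowercase letters such as "pass" stays within maxclassrepeat = 4 in this model, so only the badwords rule reports it.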

Another odd thing you may have noticed is that the [u,l,d,o]credit fields contain a negative number. This is because numbers greater than or equal to 0 give you credit for using that kind of character in your password. If the field contains a negative number, it means that a specific quantity is required.

What Are Credits?

I call them credits because that conveys their purpose as accurately as possible. If the value of the parameter is greater than 0, you add a number of "character credits" equal to "x" to the length of the password. For example, if all the (u,l,d,o)credit parameters are set to 1 and the required password length was 6, then you would need 6 characters to satisfy the length requirement, because each uppercase letter, lowercase letter, digit or other character gives you one credit.

If you set dcredit to 2, you could theoretically use a password that is 9 characters long and get 2 character credits for digits, and then the password length would already be 10.

Take a look at this example. I set the password length to 13, set dcredit to 2, and everything else to 0.

$ pwscore
 Thisistwelve
 Password quality check failed:
  The password is shorter than 13 characters

$ pwscore
 Th1sistwelve
 18

My first check failed because the password was shorter than 13 characters. The next time, I changed the letter "I" to the digit "1" and received two credits for digits, which made the password equal to 13.
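
The credit arithmetic can be reproduced offline. The following is an added example, not code from the article or from libpwquality: a simplified model of the length rule in which each character of a class earns one credit up to the configured maximum when the value is positive, and a negative value is a hard minimum count. The function names are assumptions; the parameter names match pwquality.conf.

```python
# Simplified model of the pam_pwquality length/credit rule (added example,
# not libpwquality source). Parameter names match pwquality.conf.
import string

CLASSES = {
    "dcredit": string.digits,
    "ucredit": string.ascii_uppercase,
    "lcredit": string.ascii_lowercase,
}

def count_classes(password):
    """Count characters per class; anything not matched above is 'other'."""
    counts = {name: sum(ch in chars for ch in password)
              for name, chars in CLASSES.items()}
    counts["ocredit"] = len(password) - sum(counts.values())
    return counts

def check_length(password, minlen, **credits):
    """Return (ok, message). Credits that are not passed are treated as 0."""
    counts = count_classes(password)
    required = minlen
    for name, have in counts.items():
        credit = credits.get(name, 0)
        if credit >= 0:
            # Positive value: each character of the class earns one credit,
            # capped at the configured maximum, and shortens the requirement.
            required -= min(have, credit)
        elif have < -credit:
            # Negative value: a hard minimum count, with no length bonus.
            return False, f"{name}: need at least {-credit}, found {have}"
    if len(password) < required:
        return False, f"length {len(password)} < required {required}"
    return True, f"length {len(password)} >= required {required}"

if __name__ == "__main__":
    # Settings from the pwscore session above: minlen 13, dcredit 2, rest 0.
    for pw in ("Thisistwelve", "Th1sistwelve"):
        print(pw, check_length(pw, minlen=13, dcredit=2))
    # The article's policy file uses negative credits (hard minimums).
    strict = dict(minlen=15, dcredit=-2, ucredit=-2, lcredit=-2, ocredit=-2)
    print(check_length("Th1sistwelve", **strict))
```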

Testing Passwords

The libpwquality package provides the functionality described in this article. It also ships with the pwscore program, which is designed to check password complexity. We used it above to check the credits.
The pwscore utility reads from stdin. Just run the utility and type your password; it will display either an error or a value from 0 to 100.

The password quality score is related to the minlen parameter in the configuration file. In general, a score below 50 is considered a "normal password", and a score above it is considered a "strong password". Any password that passes the quality checks (especially the forced cracklib check) should withstand dictionary attacks, and a password with a score above 50 with the default minlen setting should withstand even brute force attacks.

Conclusion

Configuring pwquality is quick and simple compared with the inconvenience of using cracklib and editing pam files directly. In this guide we have covered everything you need when setting up password policies on Red Hat 7, CentOS 7, and even Ubuntu systems. We also discussed the concept of credits, which is rarely written about in detail, so the topic often remains unclear to those who have not encountered it before.

Sources:

pwquality man page
pam_pwquality man page
pwscore man page

Useful links:

Choosing Secure Passwords - Bruce Schneier
Lorrie Faith Cranor discusses her password studies at CMU
The Infamous xkcd Cartoon on Entropy

Source: www.habr.com