Creating a Password Policy in Linux

Hello again! Classes for the new group of the "Linux Administrator" course start tomorrow, so we are publishing a useful article on the topic.

In the previous tutorial we showed how to use pam_cracklib to make passwords more complex on Red Hat 6 or CentOS systems. In Red Hat 7, pam_pwquality replaced cracklib as the default pam module for checking passwords. The pam_pwquality module is also supported on Ubuntu and CentOS, as well as many other operating systems. This module makes it easy to create password policies that ensure users follow your password strength standards.

For a long time, the common approach to passwords was to force the user to use uppercase letters, lowercase letters, digits, or other symbols. These basic password complexity rules have been widely promoted over the last ten years. There has been a lot of discussion about whether this is good practice or not. The main argument against setting such complex conditions is that users write their passwords down on paper and store them insecurely.

Another policy that has recently been called into question forces users to change their passwords every x days. Some research has shown that this is also harmful to security.

Many articles have been written on the topic of these discussions, arguing for one point of view or the other. But that is not what we will discuss in this article. This article is about how to set password complexity correctly, rather than about managing security policy.

Password Policy Settings

Below you will see the password policy options and a brief description of each. Many of them are similar to the parameters of the cracklib module. This approach makes it easier to port your policies from a legacy system.

  • difok - The number of characters in your new password that must NOT be present in your old password. (Default 5)
  • minlen - The minimum password length. (Default 9)
  • ucredit - The maximum number of credits for using uppercase characters (if the parameter is > 0), or the minimum required number of uppercase characters (if the parameter is < 0). Default is 1.
  • lcredit - The maximum number of credits for using lowercase characters (if the parameter is > 0), or the minimum required number of lowercase characters (if the parameter is < 0). Default is 1.
  • dcredit - The maximum number of credits for using digits (if the parameter is > 0), or the minimum required number of digits (if the parameter is < 0). Default is 1.
  • ocredit - The maximum number of credits for using other characters (if the parameter is > 0), or the minimum required number of other characters (if the parameter is < 0). Default is 1.
  • minclass - Sets the number of required classes. The classes cover the parameters above (uppercase characters, lowercase characters, digits, other characters). Default is 0.
  • maxrepeat - The maximum number of times a character can be repeated in a password. Default is 0.
  • maxclassrepeat - The maximum number of consecutive characters in one class. Default is 0.
  • gecoscheck - Checks whether the password contains any words from the user's GECOS string (user information, i.e. real name, location, etc.). Default is 0 (off).
  • dictpath - Path to the cracklib dictionaries.
  • badwords - Space-separated words that are forbidden in passwords (the company name, the word "password", etc.).

If the concept of credits sounds strange, that is fine, it is normal. We will talk about it in more detail in the following sections.

Configuring the Password Policy

Before you start editing configuration files, it is good practice to write down the basic password policy in advance. As an example, we will use the following complexity rules:

  • The password must have a minimum length of 15 characters.
  • The same character must not be repeated more than twice in the password.
  • Character classes can repeat up to four times in the password.
  • The password must contain characters from each class.
  • The new password must have 5 new characters compared to the old one.
  • Enable the GECOS check.
  • Forbid the words "password, pass, word, putorius".

Now that we have laid out the policy, we can edit the file /etc/security/pwquality.conf to tighten the password complexity requirements. Below is an example file with comments for better understanding.

# Make sure 5 characters in new password are new compared to old password
difok = 5
# Set the minimum length acceptable for new passwords
minlen = 15
# Require at least 2 digits
dcredit = -2
# Require at least 2 upper case letters
ucredit = -2
# Require at least 2 lower case letters
lcredit = -2
# Require at least 2 special characters (non-alphanumeric)
ocredit = -2
# Require a character from every class (upper, lower, digit, other)
minclass = 4
# Only allow each character to be repeated twice, avoid things like LLL
maxrepeat = 2
# Only allow a class to be repeated 4 times
maxclassrepeat = 4
# Check user information (Real name, etc) to ensure it is not used in password
gecoscheck = 1
# Leave default dictionary path
dictpath =
# Forbid the following words in passwords
badwords = password pass word putorius

As you may have noticed, some of the parameters in our file are redundant. For example, the minclass parameter is redundant because we already require at least two characters from each class using the [u,l,d,o]credit fields. Our list of forbidden words is also redundant, since we have forbidden repeating any class 4 times (all the words in our list are written in lowercase). I included these options only to show how they are used to configure your password policy.

Once you have created your policy, you can force users to change their passwords the next time they log in to the system.

Another oddity you may notice is that the [u,l,d,o]credit fields contain a negative number. This is because numbers greater than or equal to 0 give you credit for using the character in your password. If the field contains a negative number, it means that a certain quantity is required.

What are credits?

I call them credits because that conveys their purpose as accurately as possible. If the parameter value is greater than 0, you add a number of "character credits" equal to "x" to the password length. For example, if all the (u,l,d,o)credit parameters are set to 1 and the required password length is 6, then you need 6 characters to satisfy the length requirement, because each uppercase letter, lowercase letter, digit or other character gives you one credit.

If you set dcredit to 2, you could in theory use a password that is 9 characters long and get 2 character credits for digits, and then the password length could already be 10.

Look at this example. I set the password length to 13, set dcredit to 2, and everything else to 0.

$ pwscore
 Thisistwelve
 Password quality check failed:
  The password is shorter than 13 characters

$ pwscore
 Th1sistwelve
 18

My first check failed because the password was less than 13 characters long. The next time, I changed the letter "I" to the digit "1" and received two credits for digits, which made the password equal to 13.
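
A small model of the minlen and credit arithmetic described above, as an added example that is not part of the original article or of libpwquality's own code. It assumes that each character of a class earns one credit up to the configured value and that a negative value sets a required minimum; parse_conf, check_length and the sample configuration are constructed for illustration, and the other checks (dictionary, maxrepeat, badwords and so on) are not modelled.

```python
import re
import string
from collections import Counter

# Constructed sample: the length and credit lines of the example file above.
SAMPLE_CONF = """
# Set the minimum length acceptable for new passwords
minlen = 15
dcredit = -2
ucredit = -2
lcredit = -2
ocredit = -2
"""
CLASSES = (("dcredit", string.digits), ("ucredit", string.ascii_uppercase),
           ("lcredit", string.ascii_lowercase))

def parse_conf(text):
    """Read integer 'key = value' settings; '#' starts a comment."""
    settings = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(\w+)\s*=\s*(-?\d+)\s*", line.split("#", 1)[0])
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def char_class(c):
    """Map a character to the credit option that covers its class."""
    return next((key for key, chars in CLASSES if c in chars), "ocredit")

def check_length(password, settings):
    """Return (ok, reason) for the minlen/credit rules only (assumed model)."""
    counts = Counter(char_class(c) for c in password)
    required = settings["minlen"]
    for key in ("dcredit", "ucredit", "lcredit", "ocredit"):
        credit = settings.get(key, 0)
        if credit < 0 and counts[key] < -credit:
            return False, f"{key}: need {-credit}, found {counts[key]}"
        if credit > 0:
            # Assumption: one credit per character of the class, capped.
            required -= min(counts[key], credit)
    if len(password) < required:
        return False, f"shorter than {required} characters"
    return True, "ok"

if __name__ == "__main__":
    demo = {"minlen": 13, "dcredit": 2}  # the pwscore experiment above
    for pw in ("Thisistwelve", "Th1sistwelve"):
        print(pw, check_length(pw, demo))
```

With negative credits, as in the example file, no credit is subtracted from minlen, so the password needs the full 15 characters in addition to two characters from each class.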

Checking Passwords

The libpwquality package provides the functionality described in this article. It ships with the pwscore program, which is designed to check password complexity. We used it above to check the credits.
The pwscore utility reads from stdin. Just run the utility and type your password; it will display an error or a value from 0 to 100.

The password quality score is related to the minlen parameter in the configuration file. In general, a score below 50 is considered a "normal password", and a score above it a "strong password". Any password that passes the quality checks (especially the enforced cracklib check) should withstand dictionary attacks, and a password with a score above 50, with the minlen setting even at its default, should withstand brute force attacks.

Conclusion

Configuring pwquality is easy and simple compared with the inconvenience of using cracklib, which involves editing the pam files directly. In this guide we have covered everything you will need when setting up password policies on Red Hat 7, CentOS 7, and even Ubuntu systems. We also talked about the concept of credits, which is rarely written about in detail, so this topic has often remained unclear to those who had not encountered it before.

Sources:

pwquality man page
pam_pwquality man page
pwscore man page

Useful links:

Choosing Secure Passwords - Bruce Schneier
Lorrie Faith Cranor discusses her password studies at CMU
The infamous xkcd comic on entropy

Source: www.habr.com
