🔑password policy 🔑

1. First step will be editing the login.defs file:

nano /etc/login.defs

1. Once we are done editing the file, we will set the next parameters:

PASS_MAX_DAYS 99999 -> PASS_MAX_DAYS 30

PASS_MIN_DAYS 0 -> PASS_MIN_DAYS 2

PASS_MAX_DAYS: It's the max days till password expiration.

PASS_MIN_DAYS: It's the min days till password change.

PASS_WARN_AGE: It's the days till password warning.

1. For continuing the installation we must install the next packages to enforce the password quality with the following command:

sudo apt install libpam-pwquality

then we wrute Y so we can continue; we wait till it finish.

1. Next thing we must do is is edit a file and change itś content. We will use

nano /etc/pam.d/common-password

1. Below retry=3 we must add the following commands:

minlen=10 ucredit=-1 dcredit=-1 lcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root

This is how the line must be↙️

This is how the file must look ↙️

minlen=10 ➤ The minimun characters a password must contain.

ucredit=-1 ➤ The password at least have to contain a capital letter. We must write it with a - sign, as is how it knows that's refering to minumum caracters; if we put a + sign it will refer to maximum characters.

dcredit=-1 ➤ The passworld at least have to containt a digit.

lcredit=-1 ➤ The password at least have to contain a lowercase letter.

maxrepeat=3 ➤ The password can not have the same character repited three contiusly times.

reject_username ➤ The password can not contain the username inside itself.

difok=7 ➤ The password it have to containt at least seven diferent characters from the last password ussed.

enforce_for_root ➤ We will implement this password policy to root.