Module 02: Administrative Network Security
Exercise 2: Implementing Password Policies in Linux
Harden Linux by setting strong password policies for user accounts.
Lab Scenario
To protect Linux systems against unauthorized access, the network defender needs to enforce a
strong password policy for all accounts. A long, complex password makes it impractical for an
attacker to recover an account password by brute-force or dictionary guessing.
Lab Objectives
The objective of this lab is to set up a strong password policy on Ubuntu. By default (pam_unix with
the obscure option, as shipped on Ubuntu), the minimum password length is six characters;
pam_pwquality's own default minlen is eight. The following password policies can be
implemented in Linux:
• Minimum password age
• Maximum password age
• Password history
• Minimum password length
• Minimum number of uppercase characters
• Minimum number of lowercase characters
• Minimum number of digits in the password
• Password expiry warning (days before expiry)
• Password retry (attempts allowed before an error is returned)
Password age, history and the expiry warning are enforced by pam_unix and the shadow suite (chage,
/etc/login.defs); the length and character-class rules are enforced by pam_pwquality, which is
what this lab configures.
Overview of PAM
Pluggable Authentication Modules (PAM) is the framework Linux uses for authentication and
password management; individual modules plug into it through the files in /etc/pam.d/. The
pam_pwquality module is the one that enforces password complexity: when a password is changed it
checks the new value against the options on its line in the configuration file (or in
/etc/security/pwquality.conf) and rejects any password that does not meet them. Account
verification and password expiry are handled by other modules, such as pam_unix.
Before starting this lab, make sure that the AD Domain Controller, pfSense Firewall,
and Smoothwall Firewall VMs are turned on
Lab Tasks
If you have already launched the Smoothwall Firewall and AD Domain Controller VMs in the previous
exercise, skip steps 1 to 8.
1. Click Smoothwall Firewall to launch the Smoothwall Firewall VM.
2. Type the password toor and press Enter.
3. Press Tab twice to navigate to the Done button and press Enter.
4. Wait a few seconds for Smoothwall Express to load. When the Smoothwall login screen
appears, leave Smoothwall running.
5. Click AD Domain Controller to launch the AD Domain Controller VM.
6. Click the Ctrl+Alt+Delete link to log in to the AD Domain Controller.
7. By default the CND\Administrator account is selected; type Pa$$w0rd and
press Enter to log in.
8. If the Networks prompt appears, click Yes.
9. Click Operation Dept to launch the Operation Dept VM.
10. Select the username Alice and type the password user@123.
11. To configure system packages, open the terminal, and type sudo dpkg --configure
-a; then, press Enter. If prompted for a password, type user@123 and press Enter.
12. To change to the root user, type sudo su and press Enter; if prompted for a password,
type user@123 and press Enter. Then type cd Desktop and press Enter.
13. To fix the dependencies for the library installation, type apt --fix-broken install and
press Enter.
14. This repairs any broken packages. Next, install the PAM module that checks password
strength and enforces the password complexity settings.
15. To install the PAM module, type the command apt-get -y install libpam-pwquality
cracklib-runtime and press Enter.
16. To configure the password settings for the PAM module, edit the common-password file
in the /etc/pam.d/ folder on the Ubuntu Linux system.
Setting up Minimum Password Length
17. Type gedit /etc/pam.d/common-password and press Enter to edit the common-password file.
18. If prompted for a password, enter user@123 to continue.
19. The common-password file opens in the text editor. Locate the line
password requisite pam_pwquality.so retry=3. The retry=3 option lets the user try three
times to supply an acceptable new password before passwd returns an error.
20. To set the minimum password length to eight characters, add minlen=8 to that line
(the option is minlen, not minlength; pam_pwquality ignores unknown options), as
shown in the screenshot below.
21. To require at least one uppercase letter, three digits and one special character, add
ucredit=-1 dcredit=-3 ocredit=-1 on the same line, as shown in the screenshot below.
The sign matters. In pam_pwquality a negative value -N means "at least N characters of this
class are required". A positive value N is not a minimum: it is the maximum credit that class can
add to the password's length when it is compared against minlen, so ucredit=1 dcredit=3 ocredit=1
would require nothing at all. ucredit applies to uppercase letters, lcredit to lowercase letters,
dcredit to digits and ocredit to other (special) characters.
22. Click Save and close the file.
23. Now reboot the system and log in with the username Alice and the password user@123.
24. To demonstrate the configured password policy, launch the terminal and try to change
the password of the current user.
25. Type passwd (without sudo, so that pam_pwquality checks Alice's own password change;
when passwd runs as root the module only warns unless enforce_for_root is set) and press
Enter. At the current password prompt, type user@123 and press Enter.
26. Enter test123 as the new password. The system rejects it: it is shorter than eight
characters and contains no uppercase letter or special character, so it does not satisfy the
password policy.
27. Close the terminal and re-launch the terminal again.
28. Type passwd and press Enter. At the current password prompt, type user@123 and press
Enter.
29. Enter Cnduser@123 as the new password and repeat it to confirm; then press Enter. The
password is updated successfully.
30. To change Alice's password back to user@123, type sudo passwd alice and press Enter.
If sudo prompts for a password, type Cnduser@123 (Alice's current password) and press Enter.
Then enter user@123 as the new password, repeat it to confirm, and press Enter. The password
is updated successfully. Note that user@123 contains no uppercase letter and would be rejected
if Alice changed it herself; the change goes through here because passwd is running as root,
and pam_pwquality does not enforce its checks for root unless enforce_for_root is set.
31. In this way, the network defender can enforce a password policy on Linux.
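The script below is an added example, not part of the lab and not pam_pwquality's own code. It models the minlen and per-class credit arithmetic that pam_pwquality applies to the options placed on the pam_pwquality.so line in steps 20 and 21, so the effect of the sign on ucredit, lcredit, dcredit and ocredit can be checked offline against the lab's sample passwords without editing /etc/pam.d/common-password on a live system. The function names (count_class, apply_credit, pwquality_check, strict_policy, lenient_policy) are the example's own, the sample passwords are the ones the lab uses, and it assumes only a POSIX sh with tr and wc.

```shell
#!/bin/sh
# Added example (not the lab's own code): models pam_pwquality's minlen and
# per-class credit arithmetic for the options used in this lab.
#
# Sign convention, per pam_pwquality(8):
#   credit >= 0 : up to that many characters of the class count as a BONUS
#                 added to the password length when it is compared to minlen
#   credit <  0 : at least (-credit) characters of the class are REQUIRED
# The cracklib dictionary and old-password similarity checks are not modelled.

# count_class <password> <upper|lower|digit|other>: print the number of
# characters of that class. "other" means anything non-alphanumeric.
count_class() {
    if [ "$2" = other ]; then
        printf '%s' "$1" | tr -d '[:alnum:]' | wc -c | tr -d ' '
    else
        printf '%s' "$1" | tr -cd "[:$2:]" | wc -c | tr -d ' '
    fi
}

# apply_credit <count> <credit>: print the bonus this class contributes.
# Returns 1 when a negative credit's minimum count is not met.
apply_credit() {
    if [ "$2" -lt 0 ]; then
        [ "$1" -ge "$(( 0 - $2 ))" ] || return 1
        echo 0
    elif [ "$1" -lt "$2" ]; then
        echo "$1"
    else
        echo "$2"
    fi
}

# pwquality_check <password> <minlen> <ucredit> <lcredit> <dcredit> <ocredit>
# Returns 0 if the password satisfies the policy, 1 otherwise (reason on stderr).
pwquality_check() {
    pw=$1 minlen=$2 score=${#1}
    for spec in "upper $3" "lower $4" "digit $5" "other $6"; do
        cls=${spec% *} credit=${spec#* }
        count=$(count_class "$pw" "$cls")
        if ! bonus=$(apply_credit "$count" "$credit"); then
            echo "BAD PASSWORD: needs at least $(( 0 - credit )) $cls character(s)" >&2
            return 1
        fi
        score=$(( score + bonus ))
    done
    if [ "$score" -lt "$minlen" ]; then
        echo "BAD PASSWORD: effective length $score is below minlen=$minlen" >&2
        return 1
    fi
}

# The policy the lab intends: minlen=8 ucredit=-1 dcredit=-3 ocredit=-1
# (lcredit left at its default of 1).
strict_policy()  { pwquality_check "$1" 8 -1 1 -3 -1; }
# The same numbers written with positive signs (ucredit=1 dcredit=3 ocredit=1):
# they become optional bonuses and no character class is actually required.
lenient_policy() { pwquality_check "$1" 8 1 1 3 1; }

# Sample passwords from the lab (constructed test input, not real credentials).
for candidate in test123 user@123 Cnduser@123; do
    if strict_policy "$candidate" 2>/dev/null; then s=accept; else s=reject; fi
    if lenient_policy "$candidate" 2>/dev/null; then l=accept; else l=reject; fi
    printf '%-12s negative credits: %-7s positive credits: %s\n' "$candidate" "$s" "$l"
done
```

Run it as sh on any machine: test123 and user@123 are rejected by the negative-credit policy (no uppercase letter) but accepted by the positive-credit one, because digit and lowercase bonuses push their effective length past minlen. To test against the real module on the lab VM, install libpwquality-tools and pipe a candidate to pwscore (printf '%s\n' test123 | pwscore); pwscore reads /etc/security/pwquality.conf rather than the options on the pam line, so put the policy there if you want it checked that way. The real module additionally runs the cracklib dictionary check and a similarity check against the old password, and it skips enforcement for root unless enforce_for_root is set; none of that is reproduced above.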