https://blog.csdn.net/bigwood99/article/details/125972053
https://blog.csdn.net/weixin_42579598/article/details/114286578
https://zhidao.baidu.com/question/625587079762726572.html
Alibaba Cloud Linux操作系统未开启登录失败处理功能,未开启连接超时自动退出策略
https://blog.csdn.net/hjxloveqsx/article/details/129004832
https://blog.csdn.net/kongzhian/article/details/119607201
https://blog.csdn.net/DaQiangZhuang/article/details/127849229
登录失败处理功能策略
# 编辑系统/etc/pam.d/system-auth 文件,在 auth 字段所在的那一部分添加如下pam_tally2.so模块的策略参数:
auth required pam_tally2.so onerr=fail deny=5 unlock_time=300 even_deny_root root_unlock_time=300
# 或者
auth required pam_tally2.so onerr=fail deny=5 unlock_time=300 no_magic_root
2
3
4
Centos8:pam包中pam_tally2.so被删除,由pam_faillock.so替代
Centos8:pam包中pam_tally2.so被删除,由pam_faillock.so替代_没有pam_tally2.so-CSDN博客 (opens new window)
操作超时退出功能策略
# 编辑/etc/profile系统文件,在文件后面添加:
export TMOUT=300 #表示无操作300秒后自动退出
# 使修改生效
source /etc/profile
2
3
4
设置用户密码规则(复杂密码策略)方法
https://blog.csdn.net/li_c_yang/article/details/129850082
限制IP登录Linux服务器的几种方式
https://blog.csdn.net/weixin_45190065/article/details/128851505
linux下开启SSH,并且允许root用户远程登录,允许无密码登录
https://blog.csdn.net/weixin_46156844/article/details/104675112
# Mysql
https://blog.csdn.net/xtaypyvi123456/article/details/125274821
开启登录失败和超时功能参数
mysql -u root -p
mysql> show variables like '%connection_control%';
Empty set (0.00 sec)
mysql> install plugin CONNECTION_CONTROL soname 'connection_control.so';
Query OK, 0 rows affected (0.16 sec)
mysql> install plugin CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS soname 'connection_control.so';
Query OK, 0 rows affected (0.00 sec)
mysql> set global connection_control_failed_connections_threshold = 5;
Query OK, 0 rows affected (0.00 sec)
mysql> set global connection_control_min_connection_delay = 300000;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
设置了wait_timeout参数为86400,超时时间过长
mysql> show variables like '%timeout%';
mysql> set global wait_timeout=900;
2
密码复杂度策略设置
http://runxinzhi.com/mysqljs-p-14246130.html
validate_password插件卸载:https://blog.csdn.net/kfepiza/article/details/126913185
# 安装 validate_password 插件,此插件可以验证密码强度,未达到规定强度的密码则不允许被设置
mysql> show variables like 'validate%';
Empty set (0.00 sec)
# 通过 INSTALL PLUGIN 命令可安装此插件
# 每个平台的文件名后缀都不同 对于 Unix 和类 Unix 系统,为.so,对于 Windows 为.dll
mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.so';
Query OK, 0 rows affected, 1 warning (0.28 sec)
# 查看 validate_password 相关参数
mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | ON |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
设置某个账号密码过期时间
# 通过 mysql.user 系统表查看数据库账号状态
mysql> select user,host,password_expired,password_lifetime,password_last_changed,account_locked from mysql.user;
# 单独设置该账号密码90天过期
ALTER USER 'ekdb_advanced_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_approval_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_auth_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_base_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_dormitory_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_exam_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_flow_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_information_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_probation_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_rotation_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_statistical_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_template_center_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_template_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER 'ekdb_user_rw_1'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# Mongo
navicat打开mongo命令行,mongo shell可执行文件路径尚未设置
https://blog.csdn.net/LiuLiYanSha/article/details/128106567
MangoDB数据库仅建立了r**t用户,当前不存在多余的、过期的账户,但存在共享账户
https://baijiahao.baidu.com/s?id=1741105806917677143
https://blog.csdn.net/qq_41428418/article/details/132175704
db.createUser({
user: "test",
pwd: "test",
roles: ["dbOwner"]
})
2
3
4
5
MangoDB数据库未启用密码复杂度策略,未设置密码定期更换策略
https://mp.weixin.qq.com/s?src=11×tamp=1695180995&ver=4785&signature=vfu2NwmvnakhWxHttwxlRkBEE5j2ORZW0bJbvinvm2vCtEfjHN32J4zQScE3YZkMZAlfuoiZuLLqzoJed4zzzkbjpw8DQFBz2Z7fW1naPzfJ*B5878qNU6KmkzC0UHol&new=1