Change Password Complexity Requirements
avatar

There are no password requirements by default in CentOS and Fedora, however it is very simple to add them.

  1. edit /etc/pam.d/system-auth
  2. change the line which says:

password requisite pam_cracklib.so try_first_pass retry=3

to

password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 ucredit=2 dcredit=3 ocredit=-1 lcredit=1

NOTES:
minlen=N minimum password size
dcredit=N the maximum credit for having digits in the new password
lcredit=N the maximum credit for having lowercase in the new password
ocredit=N the maximum credit for having other characters in the new passworducredit=N the maximum credit for having uppercase in the new password
difok=N the default number of characters which need to differ from the current password

The way this works is for each character type you are defining how much of a maxium “bonus” the user gets for using it.  If you use a negative number then the it is required to contain that many of the type.  A value of lcredit=-2 means there is a requirement of at least 2 lowercase letters.  So if in the example below the minimum length is 8 so the password of “foobar” would be 6 characters long so 6 points plus 1 for using lower case giving a total score of 6 + 1 =7.  Here are some more password examples using the settings shown above:

Password Count Total Score Valid
foobar 6 + 1 7 No
Foobar 6 + 1 + 1 9 Yes
FOobar 6 + 2  + 1 10 Yes
F0obar1! 6 + 2 + 3 + 1 + 3 15 Yes

 

 

Posted in CentOS, Fedora, Linux | Tagged , | Leave a comment

Change Password Encryption
avatar

The default password encryption on CentOS or Fedora is pretty weak.  If your shadow file were to be compromised it would not take long to get your passwords.  The command below will allow you to change your encryption to be the much stronger sha512 encryption.

authconfig –passalgo=sha512 –update

Posted in CentOS, Fedora, Linux | Tagged , , | Leave a comment

Permanently Turn on Automatic Syntax Highlighting
avatar

If you are like me you write a lot of code in vim.  I have noticed by default some distros don’t install vim with automatic syntax highlighting.

  1. edit /etc/vimrc
  2. add “syntax on”
Posted in Linux | Tagged , , | Leave a comment

Clean Out Orphaned Packages in Arch
avatar

After using Arch for a while and installing and removing applications you are bound to accumulate orphaned packages… which are just packages that were install as dependencies  but now that the original program has been remove they are no longer needed.  An easy way to remove them automatically is to run the following command:

pacman -Rsn $(pacman -Qqdt)

This will do a query of orphan packages and then dump that right into the command to remove them.

Posted in Arch | Tagged , | Leave a comment