Pam

메일을 받았다. Hello, Please act before October 31, 2019 to address an upcoming interruption of your applications using RDS and Aurora database instances. To protect your communications with RDS database instances, a Certificate Authority (CA) generates time-bound certificates that are checked by your database client software to authenticate any RDS database instance(s) before exchanging information. Following industry best practices, AWS renews the CA and creates new certificates on a routine basis to ensure RDS customer connections are properly protected for years to come. The current CA expires on March 5, 2020, requiring updates to existing RDS database instances with certificates referencing the current CA. ...

패스워드 유효성 검증 로그인 실패 5 계정 잠금 5분 $vi /etc/pam.d/common-auth 16번째줄 삽입 auth required pam_tally2.so file=/var/log/tallylog deny=5 even_deny_root unlock_time=300 $vi /etc/pam.d/common-account 16 줄에 삽입 account required pam_tally2.so 패스워드 만료 모듈 설치 #apt-get -y install libpam-pwquality 패스워드 만료 모듈의 경우에는 사용자를 새로 만들때만 영향을 줍니다. 따라서 기존유저에 적용시에는 명령어로 지정해주어야 합니다. 패스워드 사용가능 최대 기간 #chage -m (days) (user) PASS_MAX_DAYS 180 패스워드 사용가능 최소 기간 #chage -m (days) (user) ...