아래 스크립트를 한 번 실행했는데 enforce_for_root일치하는 항목이 발견되면 줄 끝에 추가되었습니다. 그러나 어떤 이유로 항목이 이미 존재하는데도 pam_pwquality.soif 를 계속 입력합니다 .if ! grep -q "enforce_for_root" /etc/pam.d/system-auth
#!/bin/bash
source oem.properties
log_error() {
echo "Error: $1" | /usr/bin/tee $ERROR_LOG
echo "Aborting program ... "
echo " "
exit 10
}
echo " "
echo -n "Generating SSH keys ... "
if [ -f /home/rlee/.ssh/keys/$RSYNC_KEY ]; then
echo "key exists, skipping."
else
sudo -u rlee ssh-keygen -b 4096 -t $RSYNC_KEY_TYPE -f /home/rlee/.ssh/keys/$RSYNC_KEY -C "$RSYNC_KEY_COMMENT" -q -N ""
if [ $? -ne 0 ]; then log_error "Generating SSH keys."; fi
echo "OK"
fi
echo " "
echo "Add the public key to old OEM server."
echo "Create or modify the authorized_keys file on the old server."
echo "vim /home/rsync/.ssh/authorized_keys"
echo " "
echo "Add the following key: "
while true
do
cat /home/rlee/.ssh/keys/$RSYNC_KEY.pub
echo " "
read -p "Press 'C' to continue: " OPTION
if [ $OPTION == 'C' ] || [ $OPTION == 'c' ]; then break; fi
done
echo -n "Testing SSH connection ... "
ssh -p $OLD_OEM_PORT -i /home/rlee/.ssh/keys/$RSYNC_KEY -o StrictHostKeyChecking=no rsync@$OLD_OEM_HOSTNAME exit
if [ $? -ne 0 ]; then log_error "Testing SSH connection ... "; fi
echo "OK"
useradd llee
useradd nagios
# Enforce password policies
echo -n "Setting password policies ... "
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=12 --passmaxrepeat=3 --update
if [ $? -ne 0 ]; then log_error "Setting password policies ... "; fi
echo "OK"
echo -n "Enforcing password policies on root ... "
if ! grep -q "enforce_for_root" /etc/pam.d/system-auth; then
sed -i -e '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-auth
echo "doesn't exist"
fi
if [ $? -ne 0 ]; then log_error "Enforcing password policies on root ... "; fi
exit
adduser이 코드 블록을 명령문 앞의 아무 곳이나 옮기면 if ! grep -q "enforce_for_root" /etc/pam.d/system-auth예상대로 작동하지 않습니다.
왜 이런 일이 발생합니까?
#!/bin/bash
log_error() {
echo "Error: $1" | /usr/bin/tee $ERROR_LOG
echo "Aborting program ... "
echo " "
exit 10
}
echo -n "Enforcing password policies on root ... "
if ! grep -q "enforce_for_root" /etc/pam.d/system-auth; then
sed -i -e '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-auth
echo "doesn't exist"
fi
if [ $? -ne 0 ]; then log_error "Enforcing password policies on root ... "; fi
답변1
다음 줄이 문제를 일으켰습니다.
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=12 --passmaxrepeat=3 --update
다음은 명령을 실행할 때 받는 메시지입니다 authconfig.
Running authconfig compatibility tool.
The purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig.
IMPORTANT: authconfig is replaced by authselect, please update your scripts.
See man authselect-migration(7) to help you with migration to authselect
pwquality.conf파일을 수정했어요
echo -n "Setting password policies ... "
sed -i -e '/# minlen =/s/# minlen/minlen/' /etc/security/pwquality.conf
sed -i -e '/# ucredit =/s/# ucredit/ucredit/' /etc/security/pwquality.conf
sed -i -e '/# lcredit =/s/# lcredit/lcredit/' /etc/security/pwquality.conf
sed -i -e '/# dcredit =/s/# dcredit/dcredit/' /etc/security/pwquality.conf
sed -i -e '/# ocredit =/s/# ocredit/ocredit/' /etc/security/pwquality.conf
sed -i -e '/# enforcing =/s/# enforcing/enforcing/' /etc/security/pwquality.conf
sed -i -e '/# enforce_for_root/s/# enforce_for_root/enforce_for_root/' /etc/security/pwquality.conf
sed -i -e 's/minlen = .*/minlen = 12/' /etc/security/pwquality.conf
sed -i -e 's/ucredit = .*/ucredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/lcredit = .*/lcredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/dcredit = .*/dcredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/ocredit = .*/ocredit = 1/' /etc/security/pwquality.conf
echo "OK"