From 243eacbd6ab2fb8fdae3e457d12cf939941ec7ac Mon Sep 17 00:00:00 2001 From: Luc Date: Sat, 26 Jul 2025 20:03:01 +0200 Subject: [PATCH] docs/server-os/posts/02-security-improvements.md: update Remove PAM and set draft false. --- .../posts/02-security-improvements.md | 40 ++----------------- 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/docs/server-os/posts/02-security-improvements.md b/docs/server-os/posts/02-security-improvements.md index 0000c47..a200a00 100644 --- a/docs/server-os/posts/02-security-improvements.md +++ b/docs/server-os/posts/02-security-improvements.md @@ -2,7 +2,7 @@ title: Security improvements slug: security-improvents date: 2024-08-14 -draft: true +draft: false authors: - luc - nils 
@@ -305,45 +305,11 @@ Improve the security of the system by increasing the entropy with the `jitterent === "Gentoo Linux" ``` shell-session - sh# emerge -a jitterentropy-library + sh# emerge -a jitterentropy ``` and make sure that the module gets loaded: ``` shell title="/etc/modules-load.d/entropy.conf" jitterentropy_rng -``` - -## PAM - -There are a few changes that can be made to improve login protection. - -First install PAM through `util-linux-login`: - -=== "Alpine Linux" - - ``` shell-session - sh# apk add util-linux-login - ``` - -=== "Gentoo Linux" - - ``` shell-session - sh# emerge -a util-linux-login - ``` - -Delays can be a deterent against bruteforcing login attempts. Simply add the following line: - -``` shell title="/etc/pam.d/login" -auth optional pam_faildelay.so delay=5000000 -``` - -which will add a 5 second delay between login attempts. - -The system can also enforce a stronger hash algorithm for a more secure login protector by editing - -``` shell title="/etc/pam.d/base-password" -password required pam_unix.so nullock sha512 shadow rounds=1000000 -``` - -> If an account has already been created then change your password so that it is also secure, with: `passwd `. When creating a password make sure that it is at least 8 characters long. \ No newline at end of file +``` \ No newline at end of file
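Review bot: In the front-matter hunk, flipping `draft: true` to `draft: false` publishes the post while the context line `slug: security-improvents` still misspells "improvements". Correct the slug in this same commit, since a slug normally becomes part of the published URL and fixing it later would break links. The unchanged `date: 2024-08-14` is also almost a year older than this commit (26 Jul 2025), so update it if it is meant to reflect the publication date.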
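Review bot: In the `@@ -305,45 +305,11 @@` hunk, the Gentoo command changes from `emerge -a jitterentropy-library` to `emerge -a jitterentropy`, but the commit message only mentions removing PAM and setting draft to false. Mention the package name change in the message or move it to its own commit. The whole PAM section (the `pam_faildelay.so` delay and the `pam_unix.so` `sha512`/`rounds` line) is dropped without a stated reason, so the published post carries no login-protection guidance; a one-line rationale in the commit message would make the intent clear. The file also still ends with `\ No newline at end of file` after the closing fence, so add a trailing newline.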