diff --git a/docs/server-os/posts/02-security-improvements.md b/docs/server-os/posts/02-security-improvements.md index a200a00..0000c47 100644 --- a/docs/server-os/posts/02-security-improvements.md +++ b/docs/server-os/posts/02-security-improvements.md @@ -2,7 +2,7 @@ title: Security improvements slug: security-improvents date: 2024-08-14 -draft: false +draft: true authors: - luc - nils @@ -305,11 +305,45 @@ Improve the security of the system by increasing the entropy with the `jitterent === "Gentoo Linux" ``` shell-session - sh# emerge -a jitterentropy + sh# emerge -a jitterentropy-library ``` and make sure that the module gets loaded: ``` shell title="/etc/modules-load.d/entropy.conf" jitterentropy_rng -``` \ No newline at end of file +``` + +## PAM + +There are a few changes that can be made to improve login protection. + +First install PAM through `util-linux-login`: + +=== "Alpine Linux" + + ``` shell-session + sh# apk add util-linux-login + ``` + +=== "Gentoo Linux" + + ``` shell-session + sh# emerge -a util-linux-login + ``` + +Delays can be a deterent against bruteforcing login attempts. Simply add the following line: + +``` shell title="/etc/pam.d/login" +auth optional pam_faildelay.so delay=5000000 +``` + +which will add a 5 second delay between login attempts. + +The system can also enforce a stronger hash algorithm for a more secure login protector by editing + +``` shell title="/etc/pam.d/base-password" +password required pam_unix.so nullock sha512 shadow rounds=1000000 +``` + +> If an account has already been created then change your password so that it is also secure, with: `passwd `. When creating a password make sure that it is at least 8 characters long. \ No newline at end of file diff --git a/docs/server-os/posts/03-container-management-podman-runit.md b/docs/server-os/posts/03-container-management-podman-runit.md index 806a4dd..f85b171 100644 --- a/docs/server-os/posts/03-container-management-podman-runit.md 
+++ b/docs/server-os/posts/03-container-management-podman-runit.md @@ -2,7 +2,7 @@ title: Rootless container management with Podman and runit slug: rootless-container-management-with-podman-and-runit date: 2024-08-30 -draft: false +draft: true authors: - luc tags:
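Review bot: In the front-matter hunk of 02-security-improvements.md (`@@ -2,7 +2,7`), `draft: false` becomes `draft: true` on a post dated 2024-08-14, so a page that was not a draft is pulled back while the PAM section is being added. If the goal is only to hold the new section until it is reviewed, keep the flag as it was and land the section when it is ready. The context line `slug: security-improvents` also misspells "improvements"; correcting it changes the URL, so it deserves a deliberate decision rather than staying unnoticed.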
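Review bot: In the `/etc/pam.d/base-password` block of the PAM hunk (`@@ -305,11 +305,45`), `nullock` is not a pam_unix option; the option is spelled `nullok`. Since `nullok` is the setting that permits blank passwords, consider dropping it from a line presented as hardening, or say why it is kept. The closing note asks for passwords of at least 8 characters but nothing enforces it; pam_unix accepts `minlen=8` on the same line. In the prose, "deterent" should be "deterrent", and the delay sentence is more accurate as a 5 second delay after a failed attempt, which is what `pam_faildelay.so delay=5000000` sets. The inline `passwd ` has a trailing space inside the backticks, which looks like a lost argument placeholder. The file still ends with "\ No newline at end of file" after the new section.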
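Review bot: The only change visible in 03-container-management-podman-runit.md is `draft: false` to `draft: true` in its front matter, which has no connection to the PAM and jitterentropy edits in the other file. Split it into its own commit, or state in the commit message why the Podman and runit post dated 2024-08-30 is being returned to draft, so the change is not read as an accidental edit.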