[SOLVED] CentOS-6.x equivalent to /etc/security/policy.conf
Posted: 2016/02/10 21:09:57
Is there a CentOS/Linux equivalent to the Solaris 10 SPARC file - /etc/security/policy.conf
This file allows the administrator to set many system-specific security specifications.
For example, there is a variable called CRYPT_ALGORITHMS_ALLOW
Here is a real-world example
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6; where:
1 = BSD m5
2a = BSD Blowfish
md5 = SUN’s MD5
5 = sha-256, and of course
6 = sha-512
and if you remove 1,2a,md5 and 5 that would mean that any accounts in /etc/shadow with a $1 or $2a or $5 would not be allowed; only $6 = sha-512 would be allowed for valid password hashes on that system/
Also, in this file, among many other things you can set the CRYPT_DEFAULT variable; and on my server (as of recent changes required) I now have in that file:
CRYPT_DEFAULT=6
This file allows the administrator to set many system-specific security specifications.
For example, there is a variable called CRYPT_ALGORITHMS_ALLOW
Here is a real-world example
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6; where:
1 = BSD m5
2a = BSD Blowfish
md5 = SUN’s MD5
5 = sha-256, and of course
6 = sha-512
and if you remove 1,2a,md5 and 5 that would mean that any accounts in /etc/shadow with a $1 or $2a or $5 would not be allowed; only $6 = sha-512 would be allowed for valid password hashes on that system/
Also, in this file, among many other things you can set the CRYPT_DEFAULT variable; and on my server (as of recent changes required) I now have in that file:
CRYPT_DEFAULT=6