msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m11s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-06-05 22:38:12 +02:00
parent ac579fd862
commit 3ad1726770
68 changed files with 86 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
config/hooks/live/9994_password_policy.chroot
View File

@@ -26,7 +26,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -34,7 +34,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-Security-Contact: security@coresecret.eu
### Current recommendations for '/etc/security/pwquality.conf' based on common best practices,
### including NIST SP 80063B, https://pages.nist.gov/800-63-3/sp800-63b.html
### including NIST SP 800-63B, https://pages.nist.gov/800-63-3/sp800-63b.html
### and weighing usability against security.
### Configuration for systemwide password quality limits
@@ -46,7 +46,7 @@ difok = 4
### Length over complexity: Studies show that longer passphrases are significantly more
### resistant to brute-force and dictionary attacks. NIST recommends at least eight characters
### but advises longer passphrases (e.g., 1264) for increased security. Twenty characters strike a
### but advises longer passphrases (e.g., 12-64) for increased security. Twenty characters strike a
### good balance between security and user convenience.
### Minimum acceptable size for the new password (plus one if
### credits are not disabled, which is the default). (See pam_cracklib manual.)
@@ -54,7 +54,7 @@ difok = 4
minlen = 20
### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0
### NIST SP 80063B advises against rigid complexity rules (numbers, symbols, uppercase)
### NIST SP 800-63B advises against rigid complexity rules (numbers, symbols, uppercase)
### because they can lead users to adopt predictable patterns (e.g., "Pa$$word!").
### Length and dictionary checks are more effective.