逐条注释 ``` if [ -f "/etc/pam.d/system-auth" ];then if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/system-auth then sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/system-auth else echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/system-auth fi if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/system-auth then sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/system-auth else echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/system-auth fi fi ```
时间: 2024-04-15 10:31:07 浏览: 154
这段脚本的作用是检查/etc/pam.d/system-auth文件是否存在,并其进行修改或添加配置。具体解释如下:
```shell
if [ -f "/etc/pam.d/system-auth" ];then
```
- 检查/etc/pam.d/system-auth文件是否存在。如果存在,则执行下面的操作;如果不存在,则不执行并继续执行脚本的其他部分。
```shell
if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/system-auth
then
sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/system-auth
else
echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/system-auth
fi
```
- 检查/etc/pam.d/system-auth文件中是否存在"password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1"这一行。
- 如果存在,则使用sed命令将该行的行首的注释符号#去掉,即取消注释。
- 如果不存在,则在文件末尾添加一行"password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1"。
```shell
if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/system-auth
then
sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/system-auth
else
echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/system-auth
fi
```
- 检查/etc/pam.d/system-auth文件中是否存在"password required pam_unix.so remember=5 use_authtok md5 shadow"这一行。
- 如果存在,则使用sed命令将该行的行首的注释符号#去掉,即取消注释。
- 如果不存在,则在文件末尾添加一行"password required pam_unix.so remember=5 use_authtok md5 shadow"。
这段脚本的目的是修改或添加/etc/pam.d/system-auth文件中的密码策略配置,包括设置密码复杂度和密码保留历史记录等。
阅读全文