|
@@ -317,6 +317,17 @@ function remove_default_user {
|
317
|
317
|
fi
|
318
|
318
|
}
|
319
|
319
|
|
|
320
|
+function enforce_good_passwords {
|
|
321
|
+ # because humans are generally bad at choosing passwords
|
|
322
|
+ if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
|
|
323
|
+ return
|
|
324
|
+ fi
|
|
325
|
+ apt-get -y --force-yes install libpam-cracklib
|
|
326
|
+
|
|
327
|
+ sed -i 's/password requisite pam_deny.so/password requisite pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
|
|
328
|
+ echo 'enforce_good_passwords' >> $COMPLETION_FILE
|
|
329
|
+}
|
|
330
|
+
|
320
|
331
|
function change_login_message {
|
321
|
332
|
if grep -Fxq "change_login_message" $COMPLETION_FILE; then
|
322
|
333
|
return
|
|
@@ -3414,6 +3425,7 @@ change_debian_repos
|
3414
|
3425
|
enable_backports
|
3415
|
3426
|
configure_dns
|
3416
|
3427
|
initial_setup
|
|
3428
|
+enforce_good_passwords
|
3417
|
3429
|
install_editor
|
3418
|
3430
|
change_login_message
|
3419
|
3431
|
update_the_kernel
|