
MLPS (等保) compliance assessment: adding a password complexity policy to Postgres and preventing brute-force attacks

Author: Internet

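1. Password encryption method:
-- Show the hashing method applied to newly set passwords
show password_encryption;
-- Inspect the stored password hash of one user (pg_shadow is readable by superusers only)
select * from pg_shadow where usename='test';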


2. Password validity period:
Set the expiry time of a user's password:
alter user user_name with valid until '2021-05-01 12:00:00';

Make a user's password never expire:
alter user user_name with valid until 'infinity';

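3. Password complexity policy:

-- List the dynamic-loading settings (for example dynamic_library_path)
select name,setting from pg_settings where name like '%dynamic%';

-- Enable the passwordcheck module to enforce a password complexity policy
-- (shared_preload_libraries only takes effect after a server restart)
alter system set shared_preload_libraries=passwordcheck;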

Verification:
postgres=# alter role fujian_fore with password 'test';
ERROR: password is too short
postgres=# alter role fujian_fore password '12345678';
ERROR: password must contain both letters and nonletters
postgres=# alter role fujian_fore with password 'fujian_fore1234';
ERROR: password must not contain user name
postgres=# alter role admins with password 'tttt1234';

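4. Preventing brute-force attacks
After a failed authentication, the server waits for a set time before returning the failure status, and only then can the client try again.
-- ALTER SYSTEM replaces the whole value, so keep passwordcheck from step 3 in the list
-- (shared_preload_libraries only takes effect after a server restart)
alter system set shared_preload_libraries=passwordcheck, auth_delay;
-- 30000 ms = 30 seconds
alter system set auth_delay.milliseconds=30000;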

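5. Limiting the number of failed password attempts, locking the account after failures, and the unlock time
PostgreSQL does not currently support this security policy; for now the only option is to use auth_delay to lengthen the time a brute-force attack takes.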
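
The audit queries below are an added example, not part of the original post: they check, in one pass, whether the settings from steps 1 to 4 are in effect. They assume a superuser session (pg_shadow is restricted) and PostgreSQL 9.5 or later for the pending_restart column; the column aliases are chosen here for illustration.

```sql
-- Added example: per-user view of hash type (step 1) and expiry (step 2).
-- pg_shadow lists only roles that are allowed to log in.
SELECT usename,
       CASE
         WHEN passwd IS NULL                 THEN 'no password'
         WHEN passwd LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
         WHEN passwd LIKE 'md5%'             THEN 'md5'
         ELSE 'other'
       END                                            AS hash_type,
       valuntil,
       -- NULL and 'infinity' both mean the password never expires
       (valuntil IS NULL OR valuntil = 'infinity')    AS never_expires,
       COALESCE(valuntil < now(), false)              AS already_expired
FROM pg_shadow
ORDER BY never_expires DESC, usename;

-- Added example: confirm the server-side settings (steps 1, 3 and 4).
-- pending_restart = true means the value was changed with ALTER SYSTEM
-- but the running server has not picked it up yet.
-- auth_delay.milliseconds is listed only once auth_delay is actually loaded,
-- so a missing row means the module is not active.
SELECT name, setting, unit, pending_restart
FROM pg_settings
WHERE name IN ('password_encryption',
               'shared_preload_libraries',
               'auth_delay.milliseconds')
ORDER BY name;
```

Rows with hash_type 'md5' or never_expires = true are the ones to follow up on with the alter user statements from step 2 after password_encryption has been set as intended.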

Source: https://www.cnblogs.com/tiandi/p/13647341.html