diff --git a/KSecMain/policy/shell/minlen.sh b/KSecMain/policy/shell/minlen.sh
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/KSecMain/policy/shell/ocredit.sh b/KSecMain/policy/shell/ocredit.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a6db722aee40bdf5fea7c0d2d9798613a0236dac
--- /dev/null
+++ b/KSecMain/policy/shell/ocredit.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+PassOCredit()
+{
+ AUTH_FILE_PATH=/etc/pam.d/
+
+ [ "${G_MODE}" == 'c' ] && PassOCreditCheckWithEcho
+}
+function PassOCreditCheckWithEcho()
+{
+ PassOCreditCheck
+ EchoCheckResult
+}
+
+function PassOCreditCheck()
+{
+ OCREDIT_SYSTEM=$(grep -oP '^password.*pam_pwquality.so.*\bocredit=\K-?\d+' $AUTH_FILE_PATH/system-auth)
+ OCREDIT_PWQUALITY=$(grep -oP '^\s*ocredit\s*=\s*\K-?\d+' /etc/security/pwquality.conf)
+ if [[ (-z "$OCREDIT_SYSTEM" || "$OCREDIT_SYSTEM" -gt $I_OCREDIT) || (-z "$OCREDIT_PWQUALITY" || "$OCREDIT_PWQUALITY" -gt $I_OCREDIT ) ]]; then
+ # 需要输出检测结果和实际值
+ if [[ -z "$OCREDIT_SYSTEM" || -z "$OCREDIT_PWQUALITY" ]];then
+ VALUE="未配置"
+ elif [[ "$OCREDIT_SYSTEM" -gt $I_OCREDIT ]];then
+ VALUE=$OCREDIT_SYSTEM
+ else
+ VALUE=$OCREDIT_PWQUALITY
+ fi
+ RESULT="fail"
+ else
+ VALUE=$OCREDIT_SYSTEM
+ RESULT="success"
+ fi
+}
+
+# 用于输出结果的方法
+function EchoCheckResult()
+{
+ [ "${G_MODE}" == 'c' ] && echo "$RESULT@$VALUE@$I_OCREDIT"
+}
+
+if [[ "$#" -eq 3 ]];then
+ I_OCREDIT="$1";
+ if ! [[ "$I_OCREDIT" =~ ^(-[0-9]+|[0-9]+)$ ]];then
+ I_OCREDIT=-1
+ fi
+ G_MODE="$2";
+ VALUE_BAK_FILE="$3"
+ PassOCredit
+else
+ G_MODE='c'
+ I_OCREDIT=-1
+ PassOCredit
+fi
+
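Review bot: In PassOCreditCheck the two `grep -oP` captures are compared with `-gt` without checking that each is a single integer, and the check appears to fail open when one is not. If pwquality.conf repeats an `ocredit` line, or system-auth has two `pam_pwquality.so` lines, the capture is multi-line; the `-gt` test inside `[[ ]]` then becomes an arithmetic error, the condition evaluates false, and the `else` branch reports `success`. A compliance check should fail closed here, so validate the captures the way the script already validates `I_OCREDIT`: `[[ "$OCREDIT_SYSTEM" =~ ^-?[0-9]+$ ]] || OCREDIT_SYSTEM=` and the same for `OCREDIT_PWQUALITY`, which makes anything other than one integer report as unconfigured. Separately, the argument check accepts thresholds of 0 or more, and with such a value a setting like `ocredit=0` passes although it requires no special character; if that is not intended, reset non-negative input to -1 as well.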