Changeset 74f20a1
- Timestamp: 06/01/2015 07:35:45 PM (9 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 7.10, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children: 1ddddef
- Parents: 78b5501
- Location: postlfs/security
- Files: 2 edited
postlfs/security/linux-pam.xml
r78b5501 r74f20a1 196 196 </para> 197 197 198 <screen role="root"><userinput>rm - rfv /etc/pam.d</userinput></screen>198 <screen role="root"><userinput>rm -fv /etc/pam.d/*</userinput></screen> 199 199 200 200 <para> … … 337 337 338 338 # End /etc/pam.d/system-password</literal> 339 EOF</userinput></screen> 340 341 <para>Now add a restrictive <filename>/etc/pam.d/other</filename> 342 configuration file. With this file, programs that are PAM aware will not 343 run unless a configuration file specifically for that application is 344 created.</para> 345 346 <screen role="root"><userinput>cat > /etc/pam.d/other << "EOF" 347 <literal># Begin /etc/pam.d/other 348 349 auth required pam_warn.so 350 auth required pam_deny.so 351 account required pam_warn.so 352 account required pam_deny.so 353 password required pam_warn.so 354 password required pam_deny.so 355 session required pam_warn.so 356 session required pam_deny.so 357 358 # End /etc/pam.d/other</literal> 339 359 EOF</userinput></screen> 340 360 -
postlfs/security/shadow.xml
r78b5501 r74f20a1 478 478 </sect4> 479 479 480 <sect4>481 <title>Other</title>482 483 <para>484 Currently, <filename>/etc/pam.d/other</filename> is configured to485 allow anyone with an account on the machine to use PAM-aware programs486 without a configuration file for that program. After testing487 <application>Linux-PAM</application> for proper configuration, install488 a more restrictive <filename>other</filename> file so that489 program-specific configuration files are required:490 </para>491 492 <screen role="root"><userinput>cat > /etc/pam.d/other << "EOF"493 <literal># Begin /etc/pam.d/other494 495 auth required pam_warn.so496 auth required pam_deny.so497 account required pam_warn.so498 account required pam_deny.so499 password required pam_warn.so500 password required pam_deny.so501 session required pam_warn.so502 session required pam_deny.so503 504 # End /etc/pam.d/other</literal>505 EOF</userinput></screen>506 </sect4>507 508 480 <sect4 id="pam-access"> 509 481 <title>Configuring Login Access</title> … … 542 514 543 515 <screen role="root"><userinput>[ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}</userinput></screen> 516 517 <caution><para>Be sure to test the login capabilities of the system 518 before logging out. Errors in the configuration can casue a permanent 519 lockout requiring a boot from an external source to correct the 520 problem.</para></caution> 521 544 522 </sect4> 545 523 </sect3> 524 546 525 </sect2> 547 526
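Review bot: In the first linux-pam.xml hunk (line 198), `rm -fv /etc/pam.d/*` no longer carries `-r`, so any subdirectory under /etc/pam.d makes rm report "Is a directory" and exit non-zero, and the glob does not match dotfiles. If keeping the directory itself is the intent, say so in the paragraph before the command and state that only regular service files are expected there, so a reader does not take the error for a failed step.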
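Review bot: In the second linux-pam.xml hunk (new lines 341-358), the sentence "programs that are PAM aware will not run" is inaccurate: the program still runs, but every auth, account, password and session request that falls through to /etc/pam.d/other is refused by pam_deny.so, with pam_warn.so logging the attempt. The paragraph removed from shadow.xml told the reader to install this file only "After testing Linux-PAM for proper configuration"; the new text drops that condition, so the deny-all fallback is written before any service-specific file has been exercised. Suggest rewording the sentence and either restoring the precondition or placing the lockout caution next to this file.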
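Review bot: In the last content hunk of shadow.xml (new lines 517-520), "casue" should be "cause". The caution is also placed at the end of a sect4 in shadow.xml, after the /etc/limits step, while the file that produces the lockout, /etc/pam.d/other, is now created in linux-pam.xml; consider repeating or moving it there, and say concretely what to test, for example keeping the current root session open while logging in from a second terminal.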