Ben's notes

Linux, Unix, network, radio...


centos_7_prevent_access

Differences

This shows you the differences between two versions of the page.

centos_7_prevent_access [2015/09/14 09:36] – [CentOS 7 - access.conf] admincentos_7_prevent_access [2015/09/14 09:46] – [CentOS 7 - login access control, access.conf] admin
Line 5: Line 5:
 Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'. Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'.
  
-To prevent this, you can allow access to only specific groups by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.+To prevent this, you can allow access to only specific users, groups and locations by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.
  
-  * Add to /etc/security/access.conf:<code># vim /etc/security/access.conf+  * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig. 
 +  * Add the configuration to **/etc/security/access.conf**. See examples below:<code># vim /etc/security/access.conf
  
 # Everyone in the group sysaccess can login from all locations. # Everyone in the group sysaccess can login from all locations.
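
Review bot: The rewritten intro sentence still tells the reader to "modify /etc/pam.d/system-auth", while the new first bullet says to enable pam_access.so with authconfig; the two instructions conflict, because authconfig regenerates the PAM files it manages and a hand edit can be lost on the next update. Pick one path: either name the authconfig invocation in the bullet (authconfig --enablepamaccess --update) and drop the manual edit from the intro, or say that the file is edited by hand and authconfig is not used. The intro also needs "modifying" rather than "modify" to match "by configuring". Since the scope now covers users and locations as well as groups, and the paragraph above stresses console, serial and su logins, it would help to tell readers to keep an existing root session open while testing the new access.conf rules, as a wrong rule blocks those paths too.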
centos_7_prevent_access.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1