Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


centos_7_prevent_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
centos_7_prevent_access [2015/09/14 11:41]
admin [CentOS 7 - login access control, access.conf]
centos_7_prevent_access [2015/09/14 11:46]
admin [CentOS 7 - login access control, access.conf]
Line 5: Line 5:
 Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using '​su'​. Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using '​su'​.
  
-To prevent this, you can allow access to only specific groups by configuring it in the /​etc/​security/​access.conf file and modify /​etc/​pam.d/​system-auth.+To prevent this, you can allow access to only specific ​users, ​groups ​and locations ​by configuring it in the /​etc/​security/​access.conf file and modify /​etc/​pam.d/​system-auth.
  
   * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig.   * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig.
centos_7_prevent_access.txt ยท Last modified: 2015/09/14 11:46 by admin