Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


centos_7_prevent_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
centos_7_prevent_access [2015/09/14 11:41]
admin [CentOS 7 - login access control, access.conf]
centos_7_prevent_access [2015/09/14 11:46]
admin [CentOS 7 - login access control, access.conf]
Line 5: Line 5:
 Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'. Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'.
  
-To prevent this, you can allow access to only specific groups by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.+To prevent this, you can allow access to only specific users, groups and locations by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.
  
   * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig.   * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig.
centos_7_prevent_access.txt ยท Last modified: 2015/09/14 11:46 by admin