Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


centos_7_prevent_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
centos_7_prevent_access [2015/09/14 09:41] – [CentOS 7 - login access control, access.conf] admincentos_7_prevent_access [2015/09/14 09:46] – [CentOS 7 - login access control, access.conf] admin
Line 5: Line 5:
 Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'. Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'.
  
-To prevent this, you can allow access to only specific groups by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.+To prevent this, you can allow access to only specific users, groups and locations by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.
  
   * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig.   * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig.
centos_7_prevent_access.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1