Open main menu

CDOT Wiki β


SEC520/labs/Lab 6

71 bytes added, 10:41, 1 February 2018
no edit summary
<li>[ service] <b>or</b> [ systemctl] (on <u>newer</u> Linux distributions)</li>
<li>[ PAM]</li>
<!--DEAD LINK<li>[ Automatically Blacklist Password Attempts]</li>-->
<li>[ Advanced File Permissions]</li>
<li>[ SSH]</li>
<!--DEAD LINK<li>[ Online Linux Manpages]</li>-->
<li>[ odp] | [ pdf] | [ ppt] (Slides: Linux Hardening - part 1)</li>
<!--DEAD LINK<li>[ Why Use PAM?]</li>-->
<li>[ Understanding and Configuring PAM]</li>
<!--<li>[ Linux Security Cookbook (E-book)] (Chapter 4)</li>-->
<li>Research on the Internet how to edit the pam_abl configuration file. Documentation for pam_abl (web-browser) is available by using the file pathname:<br /><b>/usr/share/doc/pam_abl-0.2.3/pam_abl.html</b></li>
<li>Configure the file <b>/etc/security/pam_abl.conf</b> to use the <b>pam_time</b> module to permit remote ssh access only during the daytime.</li>
<li>Configure your system <b>to deny access for 1 day</b> to any user or host who has <u><b>5</b> invalid password attempts in an hour</u>, or <u><b>12</b> invalid password attempts in a day</u> using the <b>pam_abl</b> module.<br /><!--DEAD LINK<br />Here is a approximate example: [ Automatically Blacklist Password Attempts]<br />--><br /></li>
<li>Create a group named <b>development</b>.</li>
<li>Create the directory <b>/var/devel1</b> and <b>/var/devel2</b> and make them accessible to all users. Set the SGID permission bit on <b>/var/devel2</b> and make that directory owned by the group called <i>development</i>.<br /><br />Here is a link to setting SGID permissions: [ Advanced File Permissions]<br /><br /></li>