53
edits
Changes
no edit summary
<li>[http://www.hscripts.com/tutorials/linux-services/index.php service] <b>or</b> [http://www.linux.com/learn/tutorials/527639-managing-services-on-linux-with-systemd systemctl] (on <u>newer</u> Linux distributions)</li>
<li>[http://www.ibm.com/developerworks/linux/library/l-pam/index.html PAM]</li>
<!--DEAD LINK<li>[http://tommi.org/2008/08/automaticly-blacklisting-password-attempts/ Automatically Blacklist Password Attempts]</li>-->
<li>[http://www.techcuriosity.com/resources/linux/advanced_file_permissions_in_linux.php Advanced File Permissions]</li>
<li>[http://www.cyberciti.biz/tips/howot-install-ubuntu-linux-ssh-server.html SSH]</li>
<!--DEAD LINK<li>[http://linuxmanpages.com/ Online Linux Manpages]</li>-->
</ul>
<ul>
<li>[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w3_l1.odp odp] | [http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w3_l1.pdf pdf] | [http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w3_l1.ppt ppt] (Slides: Linux Hardening - part 1)</li>
<!--DEAD LINK<li>[http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]</li>-->
<li>[http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]</li>
<!--<li>[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)] (Chapter 4)</li>-->
</ul>
<li>Research on the Internet how to edit the pam_abl configuration file. Documentation for pam_abl (web-browser) is available by using the file pathname:<br /><b>/usr/share/doc/pam_abl-0.2.3/pam_abl.html</b></li>
<li>Configure the file <b>/etc/security/pam_abl.conf</b> to use the <b>pam_time</b> module to permit remote ssh access only during the daytime.</li>
<li>Configure your system <b>to deny access for 1 day</b> to any user or host who has <u><b>5</b> invalid password attempts in an hour</u>, or <u><b>12</b> invalid password attempts in a day</u> using the <b>pam_abl</b> module.<br /><!--DEAD LINK<br />Here is a approximate example: [http://tommi.org/2008/08/automaticly-blacklisting-password-attempts/ Automatically Blacklist Password Attempts]<br />--><br /></li>
<li>Create a group named <b>development</b>.</li>
<li>Create the directory <b>/var/devel1</b> and <b>/var/devel2</b> and make them accessible to all users. Set the SGID permission bit on <b>/var/devel2</b> and make that directory owned by the group called <i>development</i>.<br /><br />Here is a link to setting SGID permissions: [http://www.techcuriosity.com/resources/linux/advanced_file_permissions_in_linux.php Advanced File Permissions]<br /><br /></li>