LinuxCBT PAM Edition
eLeaning | 308.57 MB
PAM Security - Module VII
* Introduction - Topology - Features
o Discuss course outline
o Explore system configuration
o Explore network topology
o Identify primary PAM systems
o Enumerate and discuss key PAM features
*
* PAM Rules Files & Syntax
o Identify key PAM configuration files
o Explain the purpose of the /etc/pam.d/other PAM rules file
o Discuss PAM's 4 management tasks
o Identify the 4 tokens supported within PAM rules files
o Explain possible values for the 4 supported rules file tokens
o Discuss PAM's stacking of rules for the 4 management tasks
o Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
o Explore the contents of included PAM rules files
*
* Common PAMs - Identify & Discuss Commonly Implemented PAMs
o Explain the purpose and implementation of pam_echo
o Test pam_echo using SSH
o Explain the purpose and implementation of pam_warn
o Explain the purpose and implementation of pam_deny
o Identify instances of pam_warn and pam_deny modules
o Explain the purpose and implementation of pam_unix2
o Identify instances of pam_unix2 module
o Explain the purpose and implementation of pam_env
o Explain the purpose and implementation of pam_ftp
o Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
o Explain the purpose and implementation of pam_lastlog
o Explain the purpose and implementation of pam_limits
o Explain the purpose and implementation of pam_listfile
o Explain the purpose and implementation of pam_nologin
*
* Account Policies with PAM
o Explain authentication flow when using PAM
o Discuss account policies features
o Identify and peruse the default account policies file: /etc/login.defs
o Discus PAM's usage of /etc/login.defs as it pertains to system security
o Discuss pam_pwcheck is maintaining system policy
o Configure pam_pwcheck to support minimum password length
o Correlate pam_pwcheck system policy to user accounts database
o Configure pam_pwcheck to support password history
o Use chage to enumerate and change user accounts' attributes associated with system policy
*
* PAM Tally
o Explain applications of pam_tally
o Identify failed logins log file: /var/log/faillog
o Identify PAM authentication messages in /var/log/messages
o Compare and contrast pam_tally with faillog
o Use pam_tally to display user's tally
o Enable pam_tally system-wide with desired policy
o Fail to login multiple times, exceeding the system policy and evaluate results
o Reset user's login count using pam_tally and faillog
o Redirect PAM log messages using Syslog-NG
*
* PAM Password Quality Check (pam_passwdqc)
o Identify pam_passwdqc using RPM
o Discuss features
o Enumerate the supported password character classes - Complex passwords
o Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
o Test password policy in non-enforcing mode
o Evaluate the effects
o Enable password policy in enforcing mode and evaluate
o Alter character class and length (complexity) requirements and evaluate
*
* PAM Time - Time-based Access Control
o Discuss features
o Explain configuration file syntax
o Impose restrictions on common services
o Evaluate results
*
* PAM Nologin
o Discuss features
o Explain configuration file syntax
o Implement nologin module via /etc/nologin
o Evaluate results
*
* PAM Limits - System Resource Limits Controlled by PAM
o Discuss features
o Explain configuration file syntax
o Impose restrictions on system resources
o Evaluate results
*
* PAM Authentication with Apache
o Discuss features and desired result
o Install Apache and development modules providing apxs support
o Download PAM Apache module
o Compile and install PAM Apache module
o Configure Apache web site to support PAM
o Evaluate results
*
* PAM Make $HOME Dir
o Explore features
o Implement pam_mkhomedir
o Create new accounts without $HOME
o Evaluate module results
*
* PAM Execute Processes
o Discuss applicability
o Implement pam_exec with various types
o Evaluate module results
*
* PAM Password History | Policy Enforcement
o Discuss benefits
o Implement pam_pwhistory
o Tweak defaults
o Evaluate module results
o Implement pam_pwcheck
o Contrast with pam_pwhistory
o Apply policy to all users
o Evaluate resuls
*
* PAM Wheel
o Consider applications
o Implement pam_wheel
o Evaluate results
Links Are interchangeable | No Pass | Enjoy!