LinuxCBT PAM Edition encompasses: 1. Pluggable Authentication Modules (PAM) Security.
LinuxCBT PAM Edition entails 8-hours, or ~1-day of classroom training. LinuxCBT PAM Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions.
Let LinuxCBT PAM Edition cost-effectively sharpen your PAM Security skills!
Recommended Prerequisites for:
- Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
- Open mind & determination to master Linux and related open-source applications
- Basic understanding of networking concepts
- Access to a PC to follow the exercises
PAM Security - Module VII
- Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Explore network topology
- Identify primary PAM systems
- Enumerate and discuss key PAM features
- PAM Rules Files & Syntax
- Identify key PAM configuration files
- Explain the purpose of the /etc/pam.d/other PAM rules file
- Discuss PAM's 4 management tasks
- Identify
the 4 tokens supported within PAM rules files
- Explain possible values for the 4 supported rules file tokens
- Discuss PAM's stacking of rules
for the 4 management tasks
- Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
- Explore the contents of included PAM rules files
- Common PAMs
- Identify & Discuss Commonly Implemented PAMs
- Explain the purpose and implementation of pam_echo
- Test pam_echo using SSH
- Explain the purpose and implementation of pam_warn
- Explain the purpose and implementation of pam_deny
- Identify instances of pam_warn and pam_deny modules
- Explain the purpose and implementation of pam_unix2
- Identify instances of pam_unix2 module
- Explain the purpose and implementation of pam_env
- Explain the purpose and implementation of pam_ftp
- Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
- Explain the purpose and implementation of pam_lastlog
- Explain the purpose and implementation of pam_limits
- Explain the purpose and implementation of pam_listfile
- Explain the purpose and implementation of pam_nologin
- Account Policies with PAM
- Explain authentication flow when using PAM
- Discuss account policies features
- Identify and peruse the default account policies file: /etc/login.defs
- Discus PAM's usage of /etc/login.defs as it pertains to system security
- Discuss pam_pwcheck is maintaining system policy
- Configure pam_pwcheck to support minimum password length
- Correlate pam_pwcheck system policy to user accounts database
- Configure pam_pwcheck to support password history
- Use chage to enumerate and change user accounts' attributes associated with system policy
- PAM Tally
- Explain applications of pam_tally
- Identify failed logins log file: /var/log/faillog
- Identify PAM authentication messages in /var/log/messages
- Compare and contrast pam_tally with faillog
- Use pam_tally to display user's tally
- Enable pam_tally system-wide
with desired policy
- Fail to login multiple times, exceeding the system policy and evaluate results
- Reset user's login count using pam_tally and faillog
- Redirect PAM log messages using Syslog-NG
- PAM Password Quality Check (pam_passwdqc)
- Identify pam_passwdqc using RPM
- Discuss features
- Enumerate the supported password character classes - Complex passwords
- Replace pam_pwcheck with pam_passwdqc
using at least 2 character classes
- Test password policy in non-enforcing mode
- Evaluate the effects
- Enable password policy in enforcing mode and evaluate
- Alter character class and length (complexity) requirements and evaluate
- PAM Time - Time-based Access Control
- Discuss features
- Explain configuration file syntax
- Impose restrictions on common services
- Evaluate results
- PAM Nologin
- Discuss features
- Explain configuration file syntax
- Implement nologin module
via /etc/nologin
- Evaluate results
- PAM Limits - System Resource Limits Controlled by PAM
- Discuss features
- Explain configuration file syntax
- Impose restrictions on system resources
- Evaluate results
- PAM Authentication with Apache
- Discuss features
and desired result
- Install Apache
and development modules providing apxs support
- Download PAM Apache module
- Compile and install PAM Apache module
- Configure Apache web site to support PAM
- Evaluate results
- PAM Make $HOME Dir
- Explore features
- Implement pam_mkhomedir
- Create new accounts without $HOME
- Evaluate module results
- PAM Execute Processes
- Discuss applicability
- Implement pam_exec with various types
- Evaluate module results
- PAM Password History | Policy Enforcement
- Discuss benefits
- Implement pam_pwhistory
- Tweak defaults
- Evaluate module results
- Implement pam_pwcheck
- Contrast with pam_pwhistory
- Apply policy to all users
- Evaluate resuls
- top
|
