Showing posts with label Security. Show all posts

23 January 2008

How to Limit user access based on timings in Linux

To limit access to a Linux system to a given time range, use pam_time.so. The rules below only take effect for a service whose PAM configuration lists pam_time.so as an account module.

1. Open the file /etc/security/time.conf

Format of the file is:
Service;ttys;users;time
To block ssh access between 23:00 and 08:00:

sshd;*;*;!Al2300-0800

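"Al" means all days of the week and the leading "!" negates the day/time range, so the rule allows access at any time except 23:00-08:00, on every day.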

To permit people to log in only from 4 to 8 PM on all days, except root, who is not covered by the rule:
login;*;!root;Al1600-2000
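
To check how a time.conf rule evaluates before deploying it, here is an added example (not part of the original post) that models a rule with a single day/time entry. It is a simplified model of the documented pam_time semantics, not the module's own code; the function names, the tty name and the user alice are assumptions, and lists joined with "&" or "|" are not handled.

```python
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]
GROUPS = {"Wk": set(range(5)), "Wd": {5, 6}, "Al": set(range(7))}

def parse_rule(line):
    """Split 'services;ttys;users;times' into its four fields."""
    fields = [f.strip() for f in line.split(";")]
    if len(fields) != 4:
        raise ValueError("expected 4 ';'-separated fields: %r" % line)
    return dict(zip(("services", "ttys", "users", "times"), fields))

def field_matches(pattern, value):
    """'*' matches anything; a leading '!' inverts the match."""
    negate, name = pattern.startswith("!"), pattern.lstrip("!")
    return (name == "*" or name == value) != negate

def time_allowed(spec, when):
    """Evaluate one day/time entry such as '!Al2300-0800' at datetime `when`."""
    negate, body = spec.startswith("!"), spec.lstrip("!")
    codes, hours = body[:-9], body[-9:]          # e.g. 'Al' and '2300-0800'
    start, end = int(hours[:4]), int(hours[5:])
    days = set()
    for i in range(0, len(codes), 2):
        code = codes[i:i + 2]
        # A day named twice is toggled off again (MoWk = Tuesday to Friday).
        days ^= GROUPS.get(code) or {DAYS.index(code)}
    now, today = when.hour * 100 + when.minute, when.weekday()
    if start < end:                              # range within one day
        inside = today in days and start <= now < end
    elif now >= start:                           # evening part of a wrapping range
        inside = today in days
    else:                                        # morning part belongs to the day before
        inside = (today - 1) % 7 in days and now < end
    return inside != negate

def access_permitted(rule_line, service, tty, user, when):
    """A rule that does not match service/tty/user places no restriction."""
    r = parse_rule(rule_line)
    if not (field_matches(r["services"], service) and field_matches(r["ttys"], tty)
            and field_matches(r["users"], user)):
        return True
    return time_allowed(r["times"], when)

if __name__ == "__main__":
    # Constructed sample times on 23 January 2008, checked against the sshd rule.
    for hour in (7, 12, 23):
        when = datetime(2008, 1, 23, hour, 30)
        print(when, access_permitted("sshd;*;*;!Al2300-0800", "sshd", "ttyp0", "alice", when))
```

The 07:30 and 23:30 logins are refused and the 12:30 login is accepted, which shows that the range wraps past midnight.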

Password Policy on Linux Systems


Password policy is a part of the security policy in an organization. It focuses mainly on the following areas:

1. Password aging information.
2. Password strength.
3. Monitoring failed login attempts.

17 January 2008

Set default password expiry policy for all users in Linux

The /etc/login.defs file defines the site-wide configuration for password expiry.

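Each line of the file describes one configuration parameter. A line consists of a configuration name and a value, separated by whitespace.
Set the default password expiry with the following parameters in /etc/login.defs. These values are applied when an account is created; existing accounts keep their current aging values until they are changed with chage.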
  1. PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
  2. PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected.
  3. PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.
E.g.,

PASS_MAX_DAYS 30
PASS_MIN_DAYS 15
PASS_WARN_AGE 7

13 November 2007

Password protect single user mode in Linux

Single user mode in Linux is considered the rescue mode. However, anyone who gets physical access to the machine could easily change the root password by booting into single user mode.

This is a security concern in Linux.

To password protect single user mode, append the following line to your /etc/inittab file:

su:S:wait:/sbin/sulogin

Now, whenever the system is booted in single user mode, it will first prompt for the root password.