Hardening the PAM framework

    Date25 Sep 2004
    4206
    Posted ByAnthony Pell
    In yesterday's article we began looking at how PAM can securely authenticate Windows users. Today we'll check the PAM framework . . .
    In yesterday's article we began looking at how PAM can securely authenticate Windows users. Today we'll check the PAM framework, harden the basic services that we expect to authenticate to, and look at new PAM modules that might make our systems more secure.

    This article is excerpted from the recently published book Hardening Linux published by McGraw-Hill/Osborne, 2004, with permission from McGraw-Hill.

    First make sure that /etc/pam.conf doesn't exist unless this is an old system running an older version of PAM.

    Next, make sure that /etc/pam.d exists, and contains PAM configuration files.

    The first user to log in at the console of a Linux box can get ownership of many hardware devices, depending on how PAM is configured. Traditionally, Unix systems let the superuser (root) own the hardware, but to make it easy for desktop users to access devices such as sound cards, CD drives, and the like, the first console user can be set up to have ownership of these devices. Ownership reverts to root when the console user logs out. The device list is in /etc/security/console.perms, and ownership is changed by the PAM module pam_console.so.

    The link for this article located at newsforge.com is no longer available. 

     

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.