LinuxCBT Security Edition之 LinuxCBT PAM Edition[大家论坛-大家学习网论坛]

LinuxCBT Security Edition - LinuxCBT PAM Edition

图片点击可在新窗口打开查看此主题相关图片如下linuxcbt_security_edition_c.jpg：

建议大家使用下载工具下载，这个是bin文件类型的虚拟光盘文件。
[replyview]LinuxCBT.PAM.Edition[www.TopSage.com].bin[/replyview]

LinuxCBT PAM Edition encompasses: 1. Pluggable Authentication Modules (PAM) Security.

LinuxCBT PAM Edition entails 6-hours, or ~1-day of classroom training. LinuxCBT PAM Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions.

此主题相关图片如下pam.png：

PAM Security - Module 1

Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Explore network topology
- Identify primary PAM systems
- Enumerate and discuss key PAM features
PAM Rules Files & Syntax
- Identify key PAM configuration files
- Explain the purpose of the /etc/pam.d/other PAM rules file
- Discuss PAM's 4 management tasks
- Identify the 4 tokens supported within PAM rules files
- Explain possible values for the 4 supported rules file tokens
- Discuss PAM's stacking of rules for the 4 management tasks
- Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
- Explore the contents of included PAM rules files
Common PAMs - Identify & Discuss Commonly Implemented PAMs
- Explain the purpose and implementation of pam_echo
- Test pam_echo using SSH
- Explain the purpose and implementation of pam_warn
- Explain the purpose and implementation of pam_deny
- Identify instances of pam_warn and pam_deny modules
- Explain the purpose and implementation of pam_unix2
- Identify instances of pam_unix2 module
- Explain the purpose and implementation of pam_env
- Explain the purpose and implementation of pam_ftp
- Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
- Explain the purpose and implementation of pam_lastlog
- Explain the purpose and implementation of pam_limits
- Explain the purpose and implementation of pam_listfile
- Explain the purpose and implementation of pam_nologin
Account Policies with PAM
- Explain authentication flow when using PAM
- Discuss account policies features
- Identify and peruse the default account policies file: /etc/login.defs
- Discus PAM's usage of /etc/login.defs as it pertains to system security
- Discuss pam_pwcheck is maintaining system policy
- Configure pam_pwcheck to support minimum password length
- Correlate pam_pwcheck system policy to user accounts database
- Configure pam_pwcheck to support password history
- Use chage to enumerate and change user accounts' attributes associated with system policy
PAM Tally
- Explain applications of pam_tally
- Identify failed logins log file: /var/log/faillog
- Identify PAM authentication messages in /var/log/messages
- Compare and contrast pam_tally with faillog
- Use pam_tally to display user's tally
- Enable pam_tally system-wide with desired policy
- Fail to login multiple times, exceeding the system policy and evaluate results
- Reset user's login count using pam_tally and faillog
- Redirect PAM log messages using Syslog-NG
PAM Password Quality Check (pam_passwdqc)
- Identify pam_passwdqc using RPM
- Discuss features
- Enumerate the supported password character classes - Complex passwords
- Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
- Test password policy in non-enforcing mode
- Evaluate the effects
- Enable password policy in enforcing mode and evaluate
- Alter character class and length (complexity) requirements and evaluate
PAM Time - Time-based Access Control
- Discuss features
- Explain configuration file syntax
- Impose restrictions on common services
- Evaluate results
PAM Nologin
- Discuss features
- Explain configuration file syntax
- Implement nologin module via /etc/nologin
- Evaluate results
PAM Limits - System Resource Limits Controlled by PAM
- Discuss features
- Explain configuration file syntax
- Impose restrictions on system resources
- Evaluate results
PAM Authentication with Apache

Discuss features and desired result
Install Apache and development modules providing apxs support
Download PAM Apache module
Compile and install PAM Apache module
Configure Apache web site to support PAM
Evaluate results

主题：LinuxCBT Security Edition之 LinuxCBT PAM Edition