LinuxCBT PAM

PAM Security - Module 1
Introduction - Topology - Features
Discuss course outline
Explore system configuration
Explore network topology
Identify primary PAM systems
Enumerate and discuss key PAM features
PAM Rules Files & Syntax
Identify key PAM configuration files
Explain the purpose of the /etc/pam.d/other PAM rules file
Discuss PAM's 4 management tasks
Identify the 4 tokens supported within PAM rules files
Explain possible values for the 4 supported rules file tokens
Discuss PAM's stacking of rules for the 4 management tasks
Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
Explore the contents of included PAM rules files
Common PAMs - Identify & Discuss Commonly Implemented PAMs
Explain the purpose and implementation of pam_echo
Test pam_echo using SSH
Explain the purpose and implementation of pam_warn
Explain the purpose and implementation of pam_deny
Identify instances of pam_warn and pam_deny modules
Explain the purpose and implementation of pam_unix2
Identify instances of pam_unix2 module
Explain the purpose and implementation of pam_env
Explain the purpose and implementation of pam_ftp
Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
Explain the purpose and implementation of pam_lastlog
Explain the purpose and implementation of pam_limits
Explain the purpose and implementation of pam_listfile
Explain the purpose and implementation of pam_nologin
Account Policies with PAM
Explain authentication flow when using PAM
Discuss account policies features
Identify and peruse the default account policies file: /etc/login.defs
Discus PAM's usage of /etc/login.defs as it pertains to system security
Discuss pam_pwcheck is maintaining system policy
Configure pam_pwcheck to support minimum password length
Correlate pam_pwcheck system policy to user accounts database
Configure pam_pwcheck to support password history
Use chage to enumerate and change user accounts' attributes associated with system policy
PAM Tally
Explain applications of pam_tally
Identify failed logins log file: /var/log/faillog
Identify PAM authentication messages in /var/log/messages
Compare and contrast pam_tally with faillog
Use pam_tally to display user's tally
Enable pam_tally system-wide with desired policy
Fail to login multiple times, exceeding the system policy and evaluate results
Reset user's login count using pam_tally and faillog
Redirect PAM log messages using Syslog-NG
PAM Password Quality Check (pam_passwdqc)
Identify pam_passwdqc using RPM
Discuss features
Enumerate the supported password character classes - Complex passwords
Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
Test password policy in non-enforcing mode
Evaluate the effects
Enable password policy in enforcing mode and evaluate
Alter character class and length (complexity) requirements and evaluate
PAM Time - Time-based Access Control
Discuss features
Explain configuration file syntax
Impose restrictions on common services
Evaluate results
PAM Nologin
Discuss features
Explain configuration file syntax
Implement nologin module via /etc/nologin
Evaluate results
PAM Limits - System Resource Limits Controlled by PAM
Discuss features
Explain configuration file syntax
Impose restrictions on system resources
Evaluate results
PAM Authentication with Apache
Discuss features and desired result
Install Apache and development modules providing apxs support
Download PAM Apache module
Compile and install PAM Apache module
Configure Apache web site to support PAM
Evaluate results