LinuxCBT.com

Syllabus

Focus: Pluggable Authenticaiton Modules (PAM)

Duration: 9-Hours

  • PAM Security - Module VII

    • Introduction - Topology - Features
      • Discuss course outline
      • Explore system configuration
      • Explore network topology
      • Identify primary PAM systems
      • Enumerate and discuss key PAM features
    •  
    • PAM Rules Files & Syntax
      • Identify key PAM configuration files
      • Explain the purpose of the /etc/pam.d/other PAM rules file
      • Discuss PAM's 4 management tasks
      • Identify the 4 tokens supported within PAM rules files
      • Explain possible values for the 4 supported rules file tokens
      • Discuss PAM's stacking of rules for the 4 management tasks
      • Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
      • Explore the contents of included PAM rules files
    •  
    • Common PAMs - Identify & Discuss Commonly Implemented PAMs
      • Explain the purpose and implementation of pam_echo
      • Test pam_echo using SSH
      • Explain the purpose and implementation of pam_warn
      • Explain the purpose and implementation of pam_deny
      • Identify instances of pam_warn and pam_deny modules
      • Explain the purpose and implementation of pam_unix2
      • Identify instances of pam_unix2 module
      • Explain the purpose and implementation of pam_env
      • Explain the purpose and implementation of pam_ftp
      • Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
      • Explain the purpose and implementation of pam_lastlog
      • Explain the purpose and implementation of pam_limits
      • Explain the purpose and implementation of pam_listfile
      • Explain the purpose and implementation of pam_nologin
    •  
    • Account Policies with PAM
      • Explain authentication flow when using PAM
      • Discuss account policies features
      • Identify and peruse the default account policies file: /etc/login.defs
      • Discus PAM's usage of /etc/login.defs as it pertains to system security
      • Discuss pam_pwcheck is maintaining system policy
      • Configure pam_pwcheck to support minimum password length
      • Correlate pam_pwcheck system policy to user accounts database
      • Configure pam_pwcheck to support password history
      • Use chage to enumerate and change user accounts' attributes associated with system policy
    •  
    • PAM Tally
      • Explain applications of pam_tally
      • Identify failed logins log file: /var/log/faillog
      • Identify PAM authentication messages in /var/log/messages
      • Compare and contrast pam_tally with faillog
      • Use pam_tally to display user's tally
      • Enable pam_tally system-wide with desired policy
      • Fail to login multiple times, exceeding the system policy and evaluate results
      • Reset user's login count using pam_tally and faillog
      • Redirect PAM log messages using Syslog-NG
    •  
    • PAM Password Quality Check (pam_passwdqc)
      • Identify pam_passwdqc using RPM
      • Discuss features
      • Enumerate the supported password character classes - Complex passwords
      • Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
      • Test password policy in non-enforcing mode
      • Evaluate the effects
      • Enable password policy in enforcing mode and evaluate
      • Alter character class and length (complexity) requirements and evaluate
    •  
    • PAM Time - Time-based Access Control
      • Discuss features
      • Explain configuration file syntax
      • Impose restrictions on common services
      • Evaluate results
    •  
    • PAM Nologin
      • Discuss features
      • Explain configuration file syntax
      • Implement nologin module via /etc/nologin
      • Evaluate results
    •  
    • PAM Limits - System Resource Limits Controlled by PAM
      • Discuss features
      • Explain configuration file syntax
      • Impose restrictions on system resources
      • Evaluate results
    •  
    • PAM Authentication with Apache
      • Discuss features and desired result
      • Install Apache and development modules providing apxs support
      • Download PAM Apache module
      • Compile and install PAM Apache module
      • Configure Apache web site to support PAM
      • Evaluate results
    •  
    • PAM Make $HOME Dir
      • Explore features
      • Implement pam_mkhomedir
      • Create new accounts without $HOME
      • Evaluate module results
    •  
    • PAM Execute Processes
      • Discuss applicability
      • Implement pam_exec with various types
      • Evaluate module results
    •  
    • PAM Password History | Policy Enforcement
      • Discuss benefits
      • Implement pam_pwhistory
      • Tweak defaults
      • Evaluate module results
      • Implement pam_pwcheck
      • Contrast with pam_pwhistory
      • Apply policy to all users
      • Evaluate resuls
    •  
    • PAM Wheel
      • Consider applications
      • Implement pam_wheel
      • Evaluate resuls
    •  

LinuxCBT PAM Edition

  •  
DEMO