Re: [incidents] SSH scans...
From: Tim Kennedy (tim_at_timkennedy.net)
Date: 12/20/04
- Previous message: Peter Willis: "Re: SSH scans..."
- Maybe in reply to: Tim Kennedy: "Re: [incidents] SSH scans..."
- Next in thread: Gerry Dalton: "Re: SSH scans..."
Date: Mon, 20 Dec 2004 20:01:05 +0000
To: Dejan Markovic <dejanmarkovic@hotmail.com>
Dejan & Incidents users,
If you're running Linux, there is one easy limit within PAM that you can
make, to prevent the unauthorized compromise of unused accounts.
Most Linux distros ship with a PAM module called pam_succeed_if.so, in
/usr/lib/security.
You can use this to limit logins, by any number of characteristics, but
login name is the one I use.
So, in /etc/pam.d/sshd, in place of:
    account required pam_stack.so service=system-auth
I add a line like:
    account sufficient pam_succeed_if.so login = username
and comment out the system-auth line:
    account sufficient pam_succeed_if.so login = gbush
    account sufficient pam_succeed_if.so login = tblair
    account sufficient pam_succeed_if.so login = jhoward
    #account required pam_stack.so service=system-auth
This limits logins to only the small number of users allowed to SSH in,
and restricts other users, even if they have valid accounts. For
instance, perhaps mail-only users, or something.
-Tim
--
Tim Kennedy                  || There are 10 types of people on Earth.
http://public.xdi.org/=tck   || Those who understand binary,
tim@timkennedy.net           || and those who don't.
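
An added example, not part of the original message: a small audit of a PAM service file's account lines, reporting which logins the pam_succeed_if.so allowlist admits and which other account lines are still active. The function name and both sample configurations are constructed for illustration; "user" is accepted alongside the message's "login" on the assumption that both name the login field.

```python
# Constructed sample: the account stack as posted in the message above.
POSTED = """\
account sufficient pam_succeed_if.so login = gbush
account sufficient pam_succeed_if.so login = tblair
account sufficient pam_succeed_if.so login = jhoward
#account required pam_stack.so service=system-auth
"""
# Constructed sample: same allowlist, but the system-auth line left active.
NOT_COMMENTED = POSTED.replace("#account required", "account required")

NAME_FIELDS = {"login", "user"}  # "login" as posted; "user" is an assumption
LOG_FLAGS = {"debug", "quiet", "quiet_fail", "quiet_success"}  # logging only


def audit_account_stack(pam_text):
    """Return (allowed, fallthrough) for the account lines of a PAM file.

    allowed     -- names from 'account sufficient pam_succeed_if.so <field> = <name>'
    fallthrough -- every other active account line; a failed 'sufficient'
                   test is ignored, so these lines decide the outcome for
                   logins that are not on the allowlist
    """
    allowed, fallthrough = [], []
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments / disabled lines
        parts = line.split()
        if len(parts) < 3 or parts[0] != "account":
            continue
        control, module = parts[1], parts[2].rsplit("/", 1)[-1]
        args = [a for a in parts[3:] if a not in LOG_FLAGS]
        if (control == "sufficient" and module == "pam_succeed_if.so"
                and len(args) == 3 and args[0] in NAME_FIELDS
                and args[1] == "="):
            allowed.append(args[2])
        else:
            # Anything not a plain name test is listed for manual review.
            fallthrough.append(line)
    return allowed, fallthrough


if __name__ == "__main__":
    for label, text in (("as posted", POSTED),
                        ("system-auth active", NOT_COMMENTED)):
        allowed, rest = audit_account_stack(text)
        print(f"{label}: allowlist={allowed}")
        for line in rest:
            print(f"  also decides for unlisted logins: {line}")
```

An empty second list means the allowlist is the only thing granting account access; any line reported there can still admit logins the allowlist leaves out.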