LinuxCBT Security Edition之 LinuxCBT PAM Edition

leapApple

LinuxCBT PAM Edition是LinuxCBT Security Edition系列中的一部分，PAM（Pluggable Authentication Modules ）是由Sun提出的一种认证机制。它通过提供一些动态链接库和一套统一的API，将系统提供的服务 和该服务的认证方式分开，使得系统管理员可以灵活地根据需要给不同的服务配置不同的认证方式而无需更改服务程序，同时也便于向系统中添加新的认证手段。

本视频就是让大家学会如果使用PAM这一认证机制提高开源软件与系统的安全。

建议大家使用下载工具下载，这个是bin文件类型的虚拟光盘文件。
LinuxCBT.PAM.Edition[www.TopSage.com].bin

LinuxCBT PAM Edition encompasses: 1. Pluggable Authentication Modules (PAM) Security.

LinuxCBT PAM Edition entails 6-hours, or ~1-day of classroom training. LinuxCBT PAM Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions.

PAM Security - Module 1

• Introduction - Topology - Features
  • Discuss course outline
  • Explore system configuration
  • Explore network topology
  • Identify primary PAM systems
  • Enumerate and discuss key PAM features
• 
  
• PAM Rules Files & Syntax
  • Identify key PAM configuration files
  • Explain the purpose of the /etc/pam.d/other PAM rules file
  • Discuss PAM's 4 management tasks
  • Identify the 4 tokens supported within PAM rules files
  • Explain possible values for the 4 supported rules file tokens
  • Discuss PAM's stacking of rules for the 4 management tasks
  • Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
  • Explore the contents of included PAM rules files
• 
  
• Common PAMs - Identify & Discuss Commonly Implemented PAMs
  • Explain the purpose and implementation of pam_echo
  • Test pam_echo using SSH
  • Explain the purpose and implementation of pam_warn
  • Explain the purpose and implementation of pam_deny
  • Identify instances of pam_warn and pam_deny modules
  • Explain the purpose and implementation of pam_unix2
  • Identify instances of pam_unix2 module
  • Explain the purpose and implementation of pam_env
  • Explain the purpose and implementation of pam_ftp
  • Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
  • Explain the purpose and implementation of pam_lastlog
  • Explain the purpose and implementation of pam_limits
  • Explain the purpose and implementation of pam_listfile
  • Explain the purpose and implementation of pam_nologin
• 
  
• Account Policies with PAM
  • Explain authentication flow when using PAM
  • Discuss account policies features
  • Identify and peruse the default account policies file: /etc/login.defs
  • Discus PAM's usage of /etc/login.defs as it pertains to system security
  • Discuss pam_pwcheck is maintaining system policy
  • Configure pam_pwcheck to support minimum password length
  • Correlate pam_pwcheck system policy to user accounts database
  • Configure pam_pwcheck to support password history
  • Use chage to enumerate and change user accounts' attributes associated with system policy
• 
  
• PAM Tally
  • Explain applications of pam_tally
  • Identify failed logins log file: /var/log/faillog
  • Identify PAM authentication messages in /var/log/messages
  • Compare and contrast pam_tally with faillog
  • Use pam_tally to display user's tally
  • Enable pam_tally system-wide with desired policy
  • Fail to login multiple times, exceeding the system policy and evaluate results
  • Reset user's login count using pam_tally and faillog
  • Redirect PAM log messages using Syslog-NG
• 
  
• PAM Password Quality Check (pam_passwdqc)
  • Identify pam_passwdqc using RPM
  • Discuss features
  • Enumerate the supported password character classes - Complex passwords
  • Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
  • Test password policy in non-enforcing mode
  • Evaluate the effects
  • Enable password policy in enforcing mode and evaluate
  • Alter character class and length (complexity) requirements and evaluate
• 
  
• PAM Time - Time-based Access Control
  • Discuss features
  • Explain configuration file syntax
  • Impose restrictions on common services
  • Evaluate results
• 
  
• PAM Nologin
  • Discuss features
  • Explain configuration file syntax
  • Implement nologin module via /etc/nologin
  • Evaluate results
• 
  
• PAM Limits - System Resource Limits Controlled by PAM
  • Discuss features
  • Explain configuration file syntax
  • Impose restrictions on system resources
  • Evaluate results
• 
  
• PAM Authentication with Apache
• Discuss features and desired result
• Install Apache and development modules providing apxs support
• Download PAM Apache module
• Compile and install PAM Apache module
• Configure Apache web site to support PAM
• Evaluate results
• 
  

huichrist

 支持支持

huichrist

 无法下载！

lelo

很好的资料，正想好好学习一下，谢谢楼主！

bbSUSE

安全的，那有没有防火墙iptables的啊，那个比较头疼

leapApple

QUOTE:

以下是引用bbSUSE在2008-6-27 13:55:00的发言：
安全的，那有没有防火墙iptables的啊，那个比较头疼

安全套件里有的，LinuxCBT的Security相关的教程有basic security, selinux, nids, openssh, pam, firewall(iptables)的等等

还在收集中...

wyltonwyj

很好的资料，正想好好学习一下，谢谢楼...

basten54188

请问有讲SELinux的么？楼主能放出来么？

lvsheat

支持

bitterness

好东西，可是我下载不了呢