LinuxCBT PAM Edition

LinuxCBT PAM Edition




LinuxCBT PAM Edition encompasses: 1. Pluggable Authentication Modules (PAM) Security.

LinuxCBT PAM Edition entails 6-hours, or ~1-day of classroom training. LinuxCBT PAM Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions.

Let LinuxCBT PAM Edition cost-effectively sharpen your PAM Security skills!

Recommended Prerequisites for:
* Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
o Open mind & determination to master Linux and related open-source applications
o Basic understanding of networking concepts
o Access to a PC to follow the exercises

PAM Security - Module 1
* Introduction - Topology - Features
o Discuss course outline
o Explore system configuration
o Explore network topology
o Identify primary PAM systems
o Enumerate and discuss key PAM features

* PAM Rules Files & Syntax
o Identify key PAM configuration files
o Explain the purpose of the /etc/pam.d/other PAM rules file
o Discuss PAM's 4 management tasks
o Identify the 4 tokens supported within PAM rules files
o Explain possible values for the 4 supported rules file tokens
o Discuss PAM's stacking of rules for the 4 management tasks
o Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
o Explore the contents of included PAM rules files

* Common PAMs - Identify & Discuss Commonly Implemented PAMs
o Explain the purpose and implementation of pam_echo
o Test pam_echo using SSH
o Explain the purpose and implementation of pam_warn
o Explain the purpose and implementation of pam_deny
o Identify instances of pam_warn and pam_deny modules
o Explain the purpose and implementation of pam_unix2
o Identify instances of pam_unix2 module
o Explain the purpose and implementation of pam_env
o Explain the purpose and implementation of pam_ftp
o Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
o Explain the purpose and implementation of pam_lastlog
o Explain the purpose and implementation of pam_limits
o Explain the purpose and implementation of pam_listfile
o Explain the purpose and implementation of pam_nologin

* Account Policies with PAM
o Explain authentication flow when using PAM
o Discuss account policies features
o Identify and peruse the default account policies file: /etc/login.defs
o Discus PAM's usage of /etc/login.defs as it pertains to system security
o Discuss pam_pwcheck is maintaining system policy
o Configure pam_pwcheck to support minimum password length
o Correlate pam_pwcheck system policy to user accounts database
o Configure pam_pwcheck to support password history
o Use chage to enumerate and change user accounts' attributes associated with system policy

* PAM Tally
o Explain applications of pam_tally
o Identify failed logins log file: /var/log/faillog
o Identify PAM authentication messages in /var/log/messages
o Compare and contrast pam_tally with faillog
o Use pam_tally to display user's tally
o Enable pam_tally system-wide with desired policy
o Fail to login multiple times, exceeding the system policy and evaluate results
o Reset user's login count using pam_tally and faillog
o Redirect PAM log messages using Syslog-NG

* PAM Password Quality Check (pam_passwdqc)
o Identify pam_passwdqc using RPM
o Discuss features
o Enumerate the supported password character classes - Complex passwords
o Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
o Test password policy in non-enforcing mode
o Evaluate the effects
o Enable password policy in enforcing mode and evaluate
o Alter character class and length (complexity) requirements and evaluate

* PAM Time - Time-based Access Control
o Discuss features
o Explain configuration file syntax
o Impose restrictions on common services
o Evaluate results

* PAM Nologin
o Discuss features
o Explain configuration file syntax
o Implement nologin module via /etc/nologin
o Evaluate results

* PAM Limits - System Resource Limits Controlled by PAM
o Discuss features
o Explain configuration file syntax
o Impose restrictions on system resources
o Evaluate results

* PAM Authentication with Apache
o Discuss features and desired result
o Install Apache and development modules providing apxs support
o Download PAM Apache module
o Compile and install PAM Apache module
o Configure Apache web site to support PAM
o Evaluate results
more info @http://www.linuxcbt.com/products_linuxcbt_pam_edition.php

Download: | Part 1 | Part 2 | Part 3 |