Chris Tyler - Fedora Linux

Year of publication: 2006, ISBN: 2006, Publisher: O'Reilly, Genre: OS and Networks, in English.

Fedora Linux: summary, description and annotation


"Neither a "Starting Linux" book nor a dry reference manual, this book has a lot to offer to those coming to Fedora from other operating systems or distros." -- Behdad Esfahbod, Fedora developer

This book will get you up to speed quickly on Fedora Linux, a securely-designed Linux distribution that includes a massive selection of free software packages. Fedora is hardened out-of-the-box, it's easy to install, and extensively customizable - and this book shows you how to make Fedora work for you.

Fedora Linux: A Complete Guide to Red Hat's Community Distribution

In this book, you'll learn how to:
 Install Fedora and perform basic administrative tasks
 Configure the KDE and GNOME desktops
 Get power management working on your notebook computer and hop on a wired or wireless network
 Find, install, and update any of the thousands of packages available for Fedora
 Perform backups, increase reliability with RAID, and manage your disks with logical volumes
 Set up a server with file sharing, DNS, DHCP, email, a Web server, and more
 Work with Fedora's security features including SELinux, PAM, and Access Control Lists (ACLs)
Whether you are running the stable version of Fedora Core or bleeding-edge Rawhide releases, this book has something for every level of user. The modular, lab-based approach not only shows you how things work - but also explains why--and provides you with the answers you need to get up and running with Fedora Linux.

#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

Authentication is carried out by the first line, which includes all of the auth lines from the file /etc/pam.d/system-auth, which looks like this:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so

The first auth line executes the pam_env.so module (/lib/security/pam_env.so), which sets up environment variables according to the configuration file /etc/security/pam_env.conf. The next lines use the pam_unix.so module to perform traditional Unix password checking, then deny access if the password check does not succeed.

In this configuration, the pam_succeed_if.so lines do nothing! (They are used when a network authentication scheme is in effect, though.)

These are the account entries, as included into the sshd configuration file from the system-auth file:

account     required      pam_nologin.so
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

The pam_nologin.so module checks for the existence of the file /etc/nologin and, if present, prevents anyone except root from logging in. This is useful during periods of system maintenance.

The contents of /etc/nologin will be displayed as a message to the user in a dialog box when he attempts to log in using the graphical user interface. In the case of a character-mode login, the file will be displayed but the screen will be cleared immediately, making it nearly impossible to read the message. The SSH daemon will not display the message at all.

The pam_unix.so module (in this account mode) performs password maintenance checking, to see if the user should be forced to change her password, warned of imminent expiry, or locked out of the system. Finally, the pam_permit.so module sets up a default action of permit for the account section of the file.

The password portion of the configuration controls password changes:

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

The first line executes pam_cracklib.so to ensure that any newly set password is sufficiently complex, and the second line updates the password files on the system. The last line ensures that a failure is recorded if the password update is not successful.

Finally, we have the session entries, which set up the environment and perform logging after the user has authenticated:

session     required      pam_limits.so
session     required      pam_unix.so
session     required      pam_loginuid.so

The first two lines are included from /etc/pam.d/system-auth, while the last line is from /etc/pam.d/sshd.

The pam_limits.so module can be used to configure ulimit values according to /etc/security/limits.conf, but the default version of that file contains only comments. You can use this module to limit the amount of memory, CPU time, simultaneous logins, or other resources available to specific users.

The pam_unix.so module (in session mode) simply logs the fact that the user has authenticated using the syslog facility. The last module, pam_loginuid.so, records the fact that this is an initial login (as opposed to a switch of user ID performed using su or sudo).

8.6.1.1. Using an authentication server

Fedora can authenticate against an authentication server instead of (or in addition to) the local user and password database (/etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow). Usable authentication and user information services include Kerberos, LDAP, Hesiod (DNS), Winbind (local Windows domain), and SMB (Windows domain server).

To use an established authentication server, select the desktop menu option System→Administration→Authentication or run the command system-config-authentication. The window shown in Figure 8-9 will appear. Select the User Information or Authentication tab, and then select the checkbox for the server type you wish to use. Click the Configure button to the right of the server type to enter the parameters specifically required by that server type (for example, for NIS you will need to enter the NIS domain and the server name).

Click OK. system-config-authentication will then write a new version of the file /etc/pam.d/system-auth.

Figure 8-9. Authentication Configuration window

Using the Authentication Configuration tool will undo any customization that you have made in /etc/pam.d/system-auth.

Authentication can also be configured from the command line using authconfig.

8.6.1.2. Adding a PAM module: restricting access by time and user

We can tighten up the security of the system by adding additional modules into the configuration file. For example, you can restrict SSH access to certain times of day using the pam_time.so module.

Before editing any PAM configuration file, make a backup copy. You should also keep a root shell open in a virtual terminal or terminal window in case your changes accidentally lock you out of the system. Test the new configuration thoroughly before closing the root shell!

Edit /etc/pam.d/sshd to add pam_time.so in the account section:

#%PAM-1.0
auth       include      system-auth
account    required     pam_time.so
account    include      system-auth
password   include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

Notice that the sequence of the lines is critical; if you place the pam_time.so line after the file system-auth is included, it will be ignored for users with IDs less than 500 (such as root) due to the pam_succeed_if.so line in system-auth.

The pam_time.so module restricts access based on the contents of the file /etc/security/time.conf, which is a text file with four semicolon-delimited fields per line. The fields are:
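The ordering effect described above, and the earlier remark that the pam_succeed_if.so lines do nothing on their own, can be checked with a small model of the control flags. This is an added example, not code from the book: the module outcomes, the user records and the function names are constructed for illustration, and the model covers only required, requisite and sufficient.

```python
# Simplified model of the PAM control flags required, requisite and sufficient.
# Module outcomes are constructed stand-ins, not calls into real PAM modules.

SYSTEM_AUTH_ACCOUNT = [            # account lines of system-auth, as on the page
    ("required",   "pam_unix"),
    ("sufficient", "pam_succeed_if uid < 500"),
    ("required",   "pam_permit"),
]
PAM_TIME = ("required", "pam_time")

# Hypothetical module results for a user described by a dict.
MODULES = {
    "pam_unix":                 lambda u: u["account_valid"],
    "pam_succeed_if uid < 500": lambda u: u["uid"] < 500,
    "pam_permit":               lambda u: True,
    "pam_time":                 lambda u: u["inside_allowed_hours"],
}

def run_stack(stack, user):
    """Return (granted, modules_run) for one management group."""
    failed, ran = False, []
    for control, module in stack:
        ok = MODULES[module](user)
        ran.append(module)
        if control == "requisite" and not ok:
            return False, ran              # fail at once
        if control == "sufficient" and ok and not failed:
            return True, ran               # succeed at once, rest is skipped
        if control == "required" and not ok:
            failed = True                  # remember the failure, keep going
    return not failed, ran

def sshd_account(user, time_first):
    """sshd account stack with pam_time before or after the system-auth include."""
    stack = ([PAM_TIME] + SYSTEM_AUTH_ACCOUNT if time_first
             else SYSTEM_AUTH_ACCOUNT + [PAM_TIME])
    return run_stack(stack, user)

# Constructed sample users, both connecting outside the permitted hours.
root  = {"uid": 0,    "account_valid": True, "inside_allowed_hours": False}
alice = {"uid": 1000, "account_valid": True, "inside_allowed_hours": False}

if __name__ == "__main__":
    for name, user in (("root", root), ("alice", alice)):
        for time_first in (True, False):
            granted, ran = sshd_account(user, time_first)
            print(name, "pam_time first" if time_first else "pam_time last",
                  "GRANTED" if granted else "DENIED", ran)
```

With pam_time placed last, the run for root stops at the sufficient pam_succeed_if line, so the time restriction is never evaluated for that account.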

service

Must match the name of the service file in /etc/pam.d (sshd in this example).
