HOST SECURITY:
nmap -P0 domain.com --> port and services scanned
(if it stuck for more than 30 sec: there might not
be sush address when password is forgotten:
boot, push Crtl+X,at lilo prompt type : linux
single, than passwd --> that will give u a
new root password to type.
/etc/lilo.conf place after "install=/boot/boot.b":
password=fedora
remove line: message =..,mv /boot/message /message-:
u dont c pinguin at start
/etc/securetty --> disable root login from the
removed tty
tail -f /var/log/messages > /dev/tty6
TMOUT=60 --> closes session if no move for the
user at any tty after 60 sec
(b carefull of that!),better add that to
.bash_profile.
chage -M 90 user_name --> 90 days password expiration
-I --> number days inactive since password
expired before locking account
-E date expire the password on this date
at end of /etc/security/time.conf sais when
will bill be able 2 access:
login;*;bill;Mo0500-2400|TuWeTh0000-2400|Fr0000-1900
at end of /etc/security/access.conf prevent members
of redmond group from
login in from anywhere other then 2nd virtual console:
-:redmond:ALL EXCEPT tty2
-:ALL EXCEPT user1 user2 instructor:server1
--> "-" prevent from all
except 3 users on server1.
-:developer:ALL --> disallows all logins
from developer group
edit /etc/pam.d/login 2 activate the restrictions,
write this below lines begining with auth:
account required /lib/security/pam_time.so
account required /lib/security/pam_access.so
timetool --> change the clock in X
timeconfig --> change timezone from prompt
check restrictions
touch /etc/nologin -->put a file-no regular user
can enter no way, can write a massege inside this empty
file. removed upon system shutdown.
/etc/security/limits.conf:
student hard nproc 100 --> 2 limit him 2 100 of processes
rpm -V -a --> see what had changed
-qa | grep sendmail --> c the sendmail packeges
for x:
setup: xlockmore --> lock x screen : xlock
setup: vlock --> lock the tty ,
xscreensaver -lock-mode --> 2 lock the x also
|