Linux Security Lab 2
1. What is the significance of creating Groups and adding Users to Groups?
By creating groups you can get people access to the information that they need to get to. When a user is created and added to a group that user then has the access permissions of the group that has been made.
2. Given a scenereo where there are 5 database admins that may periodically need access to a given system. Discuss a better concept to better manage the admins access permissions.
Break down admin responsabilities and only give them the access for what duties they need to perform. PAM command is a great idea in this scenereo.
3. New web admin account has been set up and a password provided. What is the command to force a password change upon login.
Chage –d 0
4. What is the purpose of the “SU” command.
This is the command to get into the machine as ROOT. (Super User I like to call it) this is like the ultimate authority command to change what you want and equally allows you to screw things up if you want.
5. Restricting the use of the “SU” command can be configured using what mechanism.
/etc/pam.d/su to edit the PAM. Edit the #auth required pam_wheel.so use_uid
6. What is the purpose of the login.defs file? Creates accounts and is site specific for the shadow login. This has rules like expirations, password requirements.
7. What is the PASS_MIN_DAYS setting? Min days until you have to change the password
8. What is the PASS_MAX_DAYS setting? Why is it good to set this? Max days to change your password. This is a great idea to force people to change passwords and if they don’t then the account goes bye bye.
9. NO
10. Make group, use login.defs, set max days
By creating groups you can get people access to the information that they need to get to. When a user is created and added to a group that user then has the access permissions of the group that has been made.
2. Given a scenereo where there are 5 database admins that may periodically need access to a given system. Discuss a better concept to better manage the admins access permissions.
Break down admin responsabilities and only give them the access for what duties they need to perform. PAM command is a great idea in this scenereo.
3. New web admin account has been set up and a password provided. What is the command to force a password change upon login.
Chage –d 0
4. What is the purpose of the “SU” command.
This is the command to get into the machine as ROOT. (Super User I like to call it) this is like the ultimate authority command to change what you want and equally allows you to screw things up if you want.
5. Restricting the use of the “SU” command can be configured using what mechanism.
/etc/pam.d/su to edit the PAM. Edit the #auth required pam_wheel.so use_uid
6. What is the purpose of the login.defs file? Creates accounts and is site specific for the shadow login. This has rules like expirations, password requirements.
7. What is the PASS_MIN_DAYS setting? Min days until you have to change the password
8. What is the PASS_MAX_DAYS setting? Why is it good to set this? Max days to change your password. This is a great idea to force people to change passwords and if they don’t then the account goes bye bye.
9. NO
10. Make group, use login.defs, set max days