pam_permit.so…pam_deny.so…pam_time.so…pam_echo.so…pam_limits.so




OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64


-------------------------------------------------------------------------


准备工作:
[root@Zhai ~]# groupadd pam_ssh
[root@Zhai ~]# useradd pam_test1 -G pam_ssh
[root@Zhai ~]# useradd pam_test2 -G pam_ssh
[root@Zhai ~]# useradd pam_test3
[root@Zhai ~]# useradd pam_test4
[root@Zhai ~]# useradd pam_test5


验证pam_permit.so:
[root@Zhai ~]# vi /etc/pam.d/sshd

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
session         required        pam_loginuid.so


000413225.jpg




验证pam_deny.so:
[root@Zhai ~]# vi /etc/pam.d/sshd

#%PAM-1.0
auth            required        pam_deny.so
account         required        pam_unix.so
session         required        pam_loginuid.so


000456357.jpg




验证pam_time.so:
[root@Zhai ~]# vi /etc/pam.d/sshd

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
account         required        pam_time.so
session         required        pam_loginuid.so


[root@Zhai ~]# vi /etc/security/time.conf

# Add by zhai_kang
# The default is to accept
# Only 01:00-01:04 Tuesday,Wednesday 00:05-00:08, pam_test3 can't log in via ssh
sshd;*;pam_test3;Tu0100-0104 | We0005-0008
# Only 01:00-01:04 Tuesday, pam_test4 can't log in via ssh
sshd;*;pam_test4;!Tu0100-0104
# Only 01:00-01:04 Tuesday, pam_test5 can log in via ssh
sshd;*;pam_test5;Tu0100-0104



000631817.jpg


000645371.jpg


000654461.jpg


000703701.jpg




验证pam_echo.so:
[root@Zhai ~]# vi /etc/pam.d/sshd

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
session         required        pam_echo.so file=/etc/message


[root@Zhai ~]# vi /etc/message

+---------------------------------------------------+
                welcome to %h Server
                Login User: %u
                Login from: %H
+---------------------------------------------------+



000902161.jpg




验证pam_limits.so:
[root@Zhai ~]# vi /etc/pam.d/sshd

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
session         required        pam_limits.so debug conf=/etc/security/limits.conf


[root@Zhai ~]# vi /etc/security/limits.conf

pam_test3       -       maxlogins       2


[root@Zhai ~]# > /var/log/secure



001010608.jpg


[root@Zhai ~]# cat /var/log/secure

001913178.jpg





-------------------------------------------------------------------------


The detailed information:man pam_permit
The detailed information:man pam_deny
The detailed information:man pam_time
The detailed information:man pam_echo
The detailed information:man time.conf
The detailed information:man pam_limits
The detailed information:man limits.conf




你可能感兴趣的:(安全,Linux-PAM)