security-misc/usr/share/pam-configs/console-lockdown-security-misc

Name: allow only members of group console / ssh to login/incoming ssh (by package security-misc)
Default: no
Priority: 280
Account-Type: Primary
Account:
	required	pam_access.so accessfile=/etc/security/access-security-misc.conf debug
pam description 2019-12-08 02:10:43 -05:00			`Name: allow only members of group console / ssh to login/incoming ssh (by package security-misc)`
Console Lockdown. Allow members of group 'console' to use tty1 to tty7. Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Not enabled by default in this package since this package does not know which users shall be added to group 'console'. In new Whonix builds, user 'user" will be added to group 'console' and pam console-lockdown enabled by package anon-base-files. /usr/share/pam-configs/console-lockdown /etc/security/access-security-misc.conf https://forums.whonix.org/t/etc-security-hardening/8592 2019-12-07 05:40:20 -05:00			`Default: no`
			`Priority: 280`
			`Account-Type: Primary`
			`Account:`
			`required pam_access.so accessfile=/etc/security/access-security-misc.conf debug`