mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-07-14 18:00:54 +07:00
Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Not enabled by default in this package since this package does not know which users shall be added to group 'console'. In new Whonix builds, user 'user" will be added to group 'console' and pam console-lockdown enabled by package anon-base-files. /usr/share/pam-configs/console-lockdown /etc/security/access-security-misc.conf https://forums.whonix.org/t/etc-security-hardening/8592
This commit is contained in:
Patrick Schleizer
6
usr/share/pam-configs/console-lockdown
Normal file
6
usr/share/pam-configs/console-lockdown
Normal file
@ -0,0 +1,6 @@
|
||||
Name: allow only members of group console to login (by package security-misc)
|
||||
Default: no
|
||||
Priority: 280
|
||||
Account-Type: Primary
|
||||
Account:
|
||||
required pam_access.so accessfile=/etc/security/access-security-misc.conf debug
|
||||
Reference in New Issue
Block a user