mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-13 09:19:32 +07:00
Code Issues Packages Projects Releases Wiki Activity

use pam_acccess only for /etc/pam.d/login

Browse Source 
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
This commit is contained in:
Patrick Schleizer
2019-12-12 09:00:08 -05:00
parent 22b6480bc4
commit 729fa26eca
4 changed files with 25 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
usr/share/pam-configs/console-lockdown-security-misc
View File

@ -1,6 +1,7 @@
Name: allow only members of group console / ssh to login/incoming ssh (by package security-misc)
Name: allow only members of group console to use login (by package security-misc)
Default: no
Priority: 280
Account-Type: Primary
Account:
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/lib/security-misc/pam_only_if_login
required pam_access.so accessfile=/etc/security/access-security-misc.conf debug