Part IV Authentication and Security

This section contains the following chapters:

Table of Contents

22 Authentication Configuration
22.1 About Authentication
22.2 About Local Oracle Linux Authentication
22.2.1 Configuring Local Access
22.2.2 Configuring Fingerprint Reader Authentication
22.2.3 Configuring Smart Card Authentication
22.3 About IPA
22.3.1 Configuring IPA
22.4 About LDAP Authentication
22.4.1 About LDAP Data Interchange Format
22.4.2 Configuring an LDAP Server
22.4.3 Replacing the Default Certificates
22.4.4 Creating and Distributing Self-signed CA Certificates
22.4.5 Initializing an Organization in LDAP
22.4.6 Adding an Automount Map to LDAP
22.4.7 Adding a Group to LDAP
22.4.8 Adding a User to LDAP
22.4.9 Adding Users to a Group in LDAP
22.4.10 Enabling LDAP Authentication
22.5 About NIS Authentication
22.5.1 About NIS Maps
22.5.2 Configuring an NIS Server
22.5.3 Adding User Accounts to NIS
22.5.4 Enabling NIS Authentication
22.6 About Kerberos Authentication
22.6.1 Configuring a Kerberos Server
22.6.2 Configuring a Kerberos Client
22.6.3 Enabling Kerberos Authentication
22.7 About Pluggable Authentication Modules
22.7.1 Configuring Pluggable Authentication Modules
22.8 About the System Security Services Daemon
22.8.1 Configuring an SSSD Server
22.9 About Winbind Authentication
22.9.1 Enabling Winbind Authentication
23 Local Account Configuration
23.1 About User and Group Configuration
23.2 Changing Default Settings for User Accounts
23.3 Creating User Accounts
23.3.1 About umask and the setgid and Restricted Deletion Bits
23.4 Locking an Account
23.5 Modifying or Deleting User Accounts
23.6 Creating Groups
23.7 Modifying or Deleting Groups
23.8 Configuring Password Ageing
23.9 Granting sudo Access to Users
24 System Security Administration
24.1 About System Security
24.2 Configuring and Using SELinux
24.2.1 About SELinux Administration
24.2.2 About SELinux Modes
24.2.3 Setting SELinux Modes
24.2.4 About SELinux Policies
24.2.5 About SELinux Context
24.2.6 About SELinux Users
24.2.7 Troubleshooting Access-Denial Messages
24.3 About Packet-filtering Firewalls
24.3.1 Controlling the Firewall Service
24.3.2 Listing Firewall Rules
24.3.3 Inserting and Replacing Rules in a Chain
24.3.4 Deleting Rules in a Chain
24.3.5 Saving Rules
24.4 About TCP Wrappers
24.5 About chroot Jails
24.5.1 Running DNS and FTP Services in a Chroot Jail
24.5.2 Creating a Chroot Jail
24.5.3 Using a Chroot Jail
24.6 About Auditing
24.7 About System Logging
24.7.1 Configuring Logwatch
24.8 About Process Accounting
24.9 Security Guidelines
24.9.1 Minimizing the Software Footprint
24.9.2 Configuring System Logging
24.9.3 Disabling Core Dumps
24.9.4 Minimizing Active Services
24.9.5 Locking Down Network Services
24.9.6 Configuring a Packet-filtering Firewall
24.9.7 Configuring TCP Wrappers
24.9.8 Configuring Kernel Parameters
24.9.9 Restricting Access to SSH Connections
24.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
24.9.11 Checking User Accounts and Privileges
25 OpenSSH Configuration
25.1 About OpenSSH
25.2 OpenSSH Configuration Files
25.2.1 OpenSSH User Configuration Files
25.3 Configuring an OpenSSH Server
25.4 Installing the OpenSSH Client Packages
25.5 Using the OpenSSH Utilities
25.5.1 Using ssh to Connect to Another System
25.5.2 Using scp and sftp to Copy Files Between Systems
25.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
25.5.4 Enabling Remote System Access Without Requiring a Password