Part IV Authentication and Security

This section contains the following chapters:

Table of Contents

23 Authentication Configuration
23.1 About Authentication
23.2 About Local Oracle Linux Authentication
23.2.1 Configuring Local Access
23.2.2 Configuring Fingerprint Reader Authentication
23.2.3 Configuring Smart Card Authentication
23.3 About IPA
23.3.1 Configuring IPA
23.4 About LDAP Authentication
23.4.1 About LDAP Data Interchange Format
23.4.2 Configuring an LDAP Server
23.4.3 Replacing the Default Certificates
23.4.4 Creating and Distributing Self-signed CA Certificates
23.4.5 Initializing an Organization in LDAP
23.4.6 Adding an Automount Map to LDAP
23.4.7 Adding a Group to LDAP
23.4.8 Adding a User to LDAP
23.4.9 Adding Users to a Group in LDAP
23.4.10 Enabling LDAP Authentication
23.5 About NIS Authentication
23.5.1 About NIS Maps
23.5.2 Configuring an NIS Server
23.5.3 Adding User Accounts to NIS
23.5.4 Enabling NIS Authentication
23.6 About Kerberos Authentication
23.6.1 Configuring a Kerberos Server
23.6.2 Configuring a Kerberos Client
23.6.3 Enabling Kerberos Authentication
23.7 About Pluggable Authentication Modules
23.7.1 Configuring Pluggable Authentication Modules
23.8 About the System Security Services Daemon
23.8.1 Configuring an SSSD Server
23.9 About Winbind Authentication
23.9.1 Enabling Winbind Authentication
24 Local Account Configuration
24.1 About User and Group Configuration
24.2 Changing Default Settings for User Accounts
24.3 Creating User Accounts
24.3.1 About umask and the setgid and Restricted Deletion Bits
24.4 Locking an Account
24.5 Modifying or Deleting User Accounts
24.6 Creating Groups
24.7 Modifying or Deleting Groups
24.8 Configuring Password Ageing
24.9 Granting sudo Access to Users
25 System Security Administration
25.1 About System Security
25.2 Configuring and Using SELinux
25.2.1 About SELinux Administration
25.2.2 About SELinux Modes
25.2.3 Setting SELinux Modes
25.2.4 About SELinux Policies
25.2.5 About SELinux Context
25.2.6 About SELinux Users
25.2.7 Troubleshooting Access-Denial Messages
25.3 About Packet-filtering Firewalls
25.3.1 Controlling the Firewall Service
25.3.2 Listing Firewall Rules
25.3.3 Inserting and Replacing Rules in a Chain
25.3.4 Deleting Rules in a Chain
25.3.5 Saving Rules
25.4 About TCP Wrappers
25.5 About chroot Jails
25.5.1 Running DNS and FTP Services in a Chroot Jail
25.5.2 Creating a Chroot Jail
25.5.3 Using a Chroot Jail
25.6 About Auditing
25.7 About System Logging
25.7.1 Configuring Logwatch
25.8 About Process Accounting
25.9 Security Guidelines
25.9.1 Minimizing the Software Footprint
25.9.2 Configuring System Logging
25.9.3 Disabling Core Dumps
25.9.4 Minimizing Active Services
25.9.5 Locking Down Network Services
25.9.6 Configuring a Packet-filtering Firewall
25.9.7 Configuring TCP Wrappers
25.9.8 Configuring Kernel Parameters
25.9.9 Restricting Access to SSH Connections
25.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
25.9.11 Checking User Accounts and Privileges
26 OpenSSH Configuration
26.1 About OpenSSH
26.2 OpenSSH Configuration Files
26.2.1 OpenSSH User Configuration Files
26.3 Configuring an OpenSSH Server
26.4 Installing the OpenSSH Client Packages
26.5 Using the OpenSSH Utilities
26.5.1 Using ssh to Connect to Another System
26.5.2 Using scp and sftp to Copy Files Between Systems
26.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
26.5.4 Enabling Remote System Access Without Requiring a Password