Part IV Authentication and Security

This section contains the following chapters:

Table of Contents

21 Authentication Configuration
21.1 About Authentication
21.2 About Local Oracle Linux Authentication
21.2.1 Configuring Local Access
21.2.2 Configuring Fingerprint Reader Authentication
21.2.3 Configuring Smart Card Authentication
21.3 About IPA
21.3.1 Configuring IPA
21.4 About LDAP Authentication
21.4.1 About LDAP Data Interchange Format
21.4.2 Configuring an LDAP Server
21.4.3 Replacing the Default Certificates
21.4.4 Creating and Distributing Self-signed CA Certificates
21.4.5 Initializing an Organization in LDAP
21.4.6 Adding an Automount Map to LDAP
21.4.7 Adding a Group to LDAP
21.4.8 Adding a User to LDAP
21.4.9 Adding Users to a Group in LDAP
21.4.10 Enabling LDAP Authentication
21.5 About NIS Authentication
21.5.1 About NIS Maps
21.5.2 Configuring an NIS Server
21.5.3 Adding User Accounts to NIS
21.5.4 Enabling NIS Authentication
21.6 About Kerberos Authentication
21.6.1 Configuring a Kerberos Server
21.6.2 Configuring a Kerberos Client
21.6.3 Enabling Kerberos Authentication
21.7 About Pluggable Authentication Modules
21.7.1 Configuring Pluggable Authentication Modules
21.8 About the System Security Services Daemon
21.8.1 Configuring an SSSD Server
21.9 About Winbind Authentication
21.9.1 Enabling Winbind Authentication
22 Local Account Configuration
22.1 About User and Group Configuration
22.2 Changing Default Settings for User Accounts
22.3 Creating User Accounts
22.3.1 About umask and the setgid and Restricted Deletion Bits
22.4 Locking an Account
22.5 Modifying or Deleting User Accounts
22.6 Creating Groups
22.7 Modifying or Deleting Groups
22.8 Configuring Password Ageing
22.9 Granting sudo Access to Users
23 System Security Administration
23.1 About System Security
23.2 Configuring and Using SELinux
23.2.1 About SELinux Administration
23.2.2 About SELinux Modes
23.2.3 Setting SELinux Modes
23.2.4 About SELinux Policies
23.2.5 About SELinux Context
23.2.6 About SELinux Users
23.2.7 Troubleshooting Access-Denial Messages
23.3 About Packet-filtering Firewalls
23.3.1 Controlling the Firewall Service
23.3.2 Listing Firewall Rules
23.3.3 Inserting and Replacing Rules in a Chain
23.3.4 Deleting Rules in a Chain
23.3.5 Saving Rules
23.4 About TCP Wrappers
23.5 About chroot Jails
23.5.1 Running DNS and FTP Services in a Chroot Jail
23.5.2 Creating a Chroot Jail
23.5.3 Using a Chroot Jail
23.6 About Auditing
23.7 About System Logging
23.7.1 Configuring Logwatch
23.8 About Process Accounting
23.9 Security Guidelines
23.9.1 Minimizing the Software Footprint
23.9.2 Configuring System Logging
23.9.3 Disabling Core Dumps
23.9.4 Minimizing Active Services
23.9.5 Locking Down Network Services
23.9.6 Configuring a Packet-filtering Firewall
23.9.7 Configuring TCP Wrappers
23.9.8 Configuring Kernel Parameters
23.9.9 Restricting Access to SSH Connections
23.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
23.9.11 Checking User Accounts and Privileges
24 OpenSSH Configuration
24.1 About OpenSSH
24.2 OpenSSH Configuration Files
24.2.1 OpenSSH User Configuration Files
24.3 Configuring an OpenSSH Server
24.4 Installing the OpenSSH Client Packages
24.5 Using the OpenSSH Utilities
24.5.1 Using ssh to Connect to Another System
24.5.2 Using scp and sftp to Copy Files Between Systems
24.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
24.5.4 Enabling Remote System Access Without Requiring a Password