Part IV Authentication and Security

This section contains the following chapters:

Table of Contents

24 Authentication Configuration
24.1 About Authentication
24.2 About Local Oracle Linux Authentication
24.2.1 Configuring Local Access
24.2.2 Configuring Fingerprint Reader Authentication
24.2.3 Configuring Smart Card Authentication
24.3 About IPA Authentication
24.3.1 Configuring IPA Authentication
24.4 About LDAP Authentication
24.4.1 About LDAP Data Interchange Format
24.4.2 Configuring an LDAP Server
24.4.3 Replacing the Default Certificates
24.4.4 Creating and Distributing Self-signed CA Certificates
24.4.5 Initializing an Organization in LDAP
24.4.6 Adding an Automount Map to LDAP
24.4.7 Adding a Group to LDAP
24.4.8 Adding a User to LDAP
24.4.9 Adding Users to a Group in LDAP
24.4.10 Enabling LDAP Authentication
24.5 About NIS Authentication
24.5.1 About NIS Maps
24.5.2 Configuring an NIS Server
24.5.3 Adding User Accounts to NIS
24.5.4 Enabling NIS Authentication
24.6 About Kerberos Authentication
24.6.1 Configuring a Kerberos Server
24.6.2 Configuring a Kerberos Client
24.6.3 Enabling Kerberos Authentication
24.7 About Pluggable Authentication Modules
24.8 About the System Security Services Daemon
24.8.1 Configuring an SSSD Server
24.9 About Winbind Authentication
24.9.1 Enabling Winbind Authentication
25 Local Account Configuration
25.1 About User and Group Configuration
25.2 Changing Default Settings for User Accounts
25.3 Creating User Accounts
25.3.1 About umask and the setgid and Restricted Deletion Bits
25.4 Locking an Account
25.5 Modifying or Deleting User Accounts
25.6 Creating Groups
25.7 Modifying or Deleting Groups
25.8 Configuring Password Ageing
25.9 Granting sudo Access to Users
26 System Security Administration
26.1 About System Security
26.2 Configuring and Using SELinux
26.2.1 About SELinux Administration
26.2.2 About SELinux Modes
26.2.3 Setting SELinux Modes
26.2.4 About SELinux Policies
26.2.5 About SELinux Context
26.2.6 About SELinux Users
26.2.7 Troubleshooting Access-Denial Messages
26.3 About Packet-filtering Firewalls
26.3.1 Controlling the firewalld Firewall Service
26.3.2 Controlling the iptables Firewall Service
26.4 About TCP Wrappers
26.5 About chroot Jails
26.5.1 Running DNS and FTP Services in a Chroot Jail
26.5.2 Creating a Chroot Jail
26.5.3 Using a Chroot Jail
26.6 About Auditing
26.7 About System Logging
26.7.1 Configuring Logwatch
26.8 About Process Accounting
26.9 Security Guidelines
26.9.1 Minimizing the Software Footprint
26.9.2 Configuring System Logging
26.9.3 Disabling Core Dumps
26.9.4 Minimizing Active Services
26.9.5 Locking Down Network Services
26.9.6 Configuring a Packet-filtering Firewall
26.9.7 Configuring TCP Wrappers
26.9.8 Configuring Kernel Parameters
26.9.9 Restricting Access to SSH Connections
26.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
26.9.11 Checking User Accounts and Privileges
27 OpenSSH Configuration
27.1 About OpenSSH
27.2 OpenSSH Configuration Files
27.2.1 OpenSSH User Configuration Files
27.3 Configuring an OpenSSH Server
27.4 Installing the OpenSSH Client Packages
27.5 Using the OpenSSH Utilities
27.5.1 Using ssh to Connect to Another System
27.5.2 Using scp and sftp to Copy Files Between Systems
27.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
27.5.4 Enabling Remote System Access Without Requiring a Password

Copyright © 2014, 2019, Oracle and/or its affiliates. All rights reserved. Legal Notices