[security]
# Allow root to login. It makes sense to turn this off for kiosk use,when
# you want to minimize the possibility of break in.
AllowRoot=true
# Allow login as root via XDMCP. This value will be overridden and set to
# false if the /etc/default/login file exists and contains
# "CONSOLE=/dev/login", and set to true if the /etc/default/loginfile exists
# and contains any other value or no value for CONSOLE.
AllowRemoteRoot=true
# This will allow remote timed login.
AllowRemoteAutoLogin=false
# 0 is the most restrictive, 1 allo
#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignoredefault=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in theuser context
session required pam_selinux.so open
session optional pam_keyinit.so forcerevoke
~
#vi /etc/pam.d/remote
#%PAM-1.0
#auth required pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in theuser context
session required pam_selinux.so open
session optional pam_keyinit.so forcerevoke
~
~
#vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs forauthentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server =/usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}
~
~
QQ群⑧:
窥视卡
雷达卡
发表于 2016-5-15 06:49:40
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡