
RH302 Question #115: Real Exam Question with Answer & Explanation


Question

You are the administrator of the example.com domain. Configure your domain server to deny local login to all normal users, and allow root to log in only on the first terminal.

Explanation

  1. touch /etc/nologin
  2. vi /etc/securetty and comment out all available terminals other than the first.

If the /etc/nologin file exists, the PAM module pam_nologin denies local login to all non-root users. The /etc/pam.d/login file calls the module:

    #%PAM-1.0
    auth       required     pam_securetty.so
    auth       required     pam_stack.so service=system-auth
    auth       required     pam_nologin.so
    account    required     pam_stack.so service=system-auth
    password   required     pam_stack.so service=system-auth
    # pam_selinux.so close should be the first session rule
    session    required     pam_selinux.so close
    session    required     pam_stack.so service=system-auth
    session    optional     pam_console.so
    # pam_selinux.so open should be the last session rule
    session    required     pam_selinux.so multiple open

The pam_securetty module checks the /etc/securetty file, which lists the terminals available to root. If a terminal is not listed in this file, pam_securetty denies root login on that terminal.
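
The two steps, and the PAM lines that enforce them, can be scripted and verified against a scratch directory before touching a live host. This is an added example, not part of the original answer; the function names, the root-prefix argument and the use of tty1 as the "first terminal" are assumptions.

```shell
#!/bin/sh
# Added example. ROOT prefix, function names and tty1 are assumptions.

# Active (uncommented, non-blank) entries of a securetty file, one per line.
active_ttys() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# Step 2: comment out every active entry except $2. Refuses to touch the file
# if $2 is not already listed, which would leave root with no terminal at all.
restrict_securetty() {   # $1 = securetty path, $2 = terminal to keep
    active_ttys "$1" | grep -Fqx "$2" || return 2
    tmp=$(mktemp) || return 1
    awk -v keep="$2" '
        NF == 0 || $1 ~ /^#/ { print; next }   # blank or comment: unchanged
        $1 == keep           { print; next }   # the one allowed terminal
                             { print "#" $0 }  # everything else: disable
    ' "$1" > "$tmp" && cat "$tmp" > "$1"       # cat keeps owner, mode, label
    rc=$?; rm -f "$tmp"; return $rc
}

# Verify both steps plus the PAM lines that enforce them.
check_local_login() {    # $1 = root prefix ("" on a live host), $2 = terminal
    [ -e "$1/etc/nologin" ] || { echo "no /etc/nologin"; return 1; }
    [ "$(active_ttys "$1/etc/securetty")" = "$2" ] ||
        { echo "securetty not limited to $2"; return 1; }
    for m in pam_securetty.so pam_nologin.so; do
        grep -Eq "^[[:space:]]*auth[[:space:]]+[^#]*$m" "$1/etc/pam.d/login" ||
            { echo "$m missing from auth stack"; return 1; }
    done
    echo ok
}

# Constructed sample tree so the functions can be tried without touching /etc.
demo() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/pam.d"
    printf 'console\nvc/1\ntty1\ntty2\n#tty3\n' > "$r/etc/securetty"
    printf 'auth required pam_securetty.so\nauth required pam_nologin.so\n' \
        > "$r/etc/pam.d/login"
    touch "$r/etc/nologin"                      # step 1
    restrict_securetty "$r/etc/securetty" tty1  # step 2
    check_local_login "$r" tty1
    rc=$?; rm -rf "$r"; return $rc
}
```

On a live host the same functions would be called as root with the real paths, for example `restrict_securetty /etc/securetty tty1` followed by `check_local_login "" tty1`.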
