Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
ContentsContents
Security and Hardening Guide
  1. About This Guide
  2. 1 Security and Confidentiality
  3. 2 Common Criteria
  4. I Authentication
    1. 3 Authentication with PAM
    2. 4 Using NIS
    3. 5 Setting Up Authentication Clients Using YaST
    4. 6 LDAP with 389 Directory Server
    5. 7 Network Authentication with Kerberos
    6. 8 Active Directory Support
    7. 9 Setting Up a FreeRADIUS Server
  5. II Local Security
    1. 10 Physical Security
    2. 11 Software Management
    3. 12 File Management
    4. 13 Encrypting Partitions and Files
    5. 14 Storage Encryption for Hosted Applications with cryptctl
    6. 15 User Management
    7. 16 Restricting cron and at
    8. 17 Spectre/Meltdown Checker
    9. 18 Configuring Security Settings with YaST
    10. 19 Authorization with PolKit
    11. 20 Access Control Lists in Linux
    12. 21 Certificate Store
    13. 22 Intrusion Detection with AIDE
  6. III Network Security
    1. 23 X Window System and X Authentication
    2. 24 SSH: Secure Network Operations
    3. 25 Masquerading and Firewalls
    4. 26 Configuring a VPN Server
    5. 27 Improving Network Security with sysctl Variables
    6. 28 Enabling FIPS 140-2
  7. IV Confining Privileges with AppArmor
    1. 29 Introducing AppArmor
    2. 30 Getting Started
    3. 31 Immunizing Programs
    4. 32 Profile Components and Syntax
    5. 33 AppArmor Profile Repositories
    6. 34 Building and Managing Profiles with YaST
    7. 35 Building Profiles from the Command Line
    8. 36 Profiling Your Web Applications Using ChangeHat
    9. 37 Confining Users with pam_apparmor
    10. 38 Managing Profiled Applications
    11. 39 Support
    12. 40 AppArmor Glossary
  8. V SELinux
    1. 41 Configuring SELinux
  9. VI The Linux Audit Framework
    1. 42 Understanding Linux Audit
    2. 43 Setting Up the Linux Audit Framework
    3. 44 Introducing an Audit Rule Set
    4. 45 Useful Resources
  10. A Achieving PCI DSS Compliance
  11. B GNU-Lizenzen
Navigation
Applies to SUSE Linux Enterprise Server 15 SP2

Part I Authentication

3 Authentication with PAM

Linux uses PAM (pluggable authentication modules) in the authentication process as a layer that mediates between user and application. PAM modules are available on a system-wide basis, so they can be requested by any application. This chapter describes how the modular authentication mechanism works and how it is configured.

4 Using NIS

When multiple Unix systems in a network access common resources, it becomes imperative that all user and group identities are the same for all machines in that network. The network should be transparent to users: their environments should not vary, regardless of which machine they are actually using. This can be done by means of NIS and NFS services. NFS distributes file systems over a network and is discussed in Chapter 34, Verteilte Nutzung von Dateisystemen mit NFS.

NIS (Network Information Service) can be described as a database-like service that provides access to the contents of /etc/passwd, /etc/shadow, and /etc/group across networks. NIS can also be used for other purposes (making the contents of files like /etc/hosts or /etc/services available, for example), but this is beyond the scope of this introduction. People often refer to NIS as YP, because it works like the network's yellow pages.

5 Setting Up Authentication Clients Using YaST

Whereas Kerberos is used for authentication, LDAP is used for authorization and identification. Both can work together. For more information about LDAP, see Chapter 6, LDAP with 389 Directory Server, and about Kerberos, see Chapter 7, Network Authentication with Kerberos.

6 LDAP with 389 Directory Server

The Lightweight Directory Access Protocol (LDAP) is a protocol designed to access and maintain information directories. LDAP can be used for tasks such as user and group management, system configuration management, and address management. In SUSE Linux Enterprise Server 15 SP2 the LDAP service is provided by the 389 Directory Server, replacing OpenLDAP.

7 Network Authentication with Kerberos

Kerberos is a network authentication protocol which also provides encryption. This chapter describes how to set up Kerberos and integrate services like LDAP and NFS.

8 Active Directory Support

Active Directory* (AD) is a directory-service based on LDAP, Kerberos, and other services. It is used by Microsoft* Windows* to manage resources, services, and people. In a Microsoft Windows network, Active Directory provides information about these objects, restricts access to them, and enforces po…

9 Setting Up a FreeRADIUS Server

The RADIUS (Remote Authentication Dial-In User Service) protocol has long been a standard service for manage network access. It performs authentication, authorization, and accounting (AAA) protocol for very large businesses such as Internet service providers and cellular network providers, and is al…

Print this page