Wednesday, January 29, 2014

Adding a Linux/CentOS host to a Windows domain

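# Install PBIS Open 7.5.3 and join this host to the AD domain.
#
# The installer is fetched over plain HTTP and then executed as root, so it is
# verified before it runs. Use an HTTPS download location instead if the
# vendor offers one.
installer=pbis-open-7.5.3.1536.linux.x86_64.rpm.sh

# -O pins the output name so the file that is checked is the one just fetched
# (without it wget saves to "<name>.1" when an older copy already exists).
wget -O "$installer" \
  "http://download.beyondtrust.com/PBISO/7.5.3.1536/linux.rpm.x64/${installer}"

# Placeholder: set this to the SHA-256 obtained from the vendor over a trusted
# channel. While the placeholder is left in place the check fails and nothing
# below is run.
expected_sha256='REPLACE_WITH_VENDOR_PUBLISHED_SHA256'

if printf '%s  %s\n' "$expected_sha256" "$installer" | sha256sum -c -; then
  sh "$installer"

  # Join the domain towncar.us using the AD account mojleski. No password is
  # given on the command line, which keeps it out of shell history and the
  # process list.
  # NOTE(review): this page mixes the /opt/likewise and /opt/pbis prefixes;
  # confirm which one exists on the host after the install.
  /opt/likewise/bin/domainjoin-cli join towncar.us mojleski

  # Register this host's DNS records in the domain's DNS.
  /opt/pbis/bin/update-dns
else
  printf 'checksum check failed for %s; not installing\n' "$installer" >&2
fi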

# Post-join configuration of the PBIS/Likewise agent.
# Directory holding the tools, as used throughout this page.
lw_bin=/opt/likewise/bin

# Import the lsassd registry file that ships with the package.
# NOTE(review): presumably this resets lsassd settings to the packaged
# values - confirm before running on a host that was already customised.
"${lw_bin}/lwregshell" import /opt/pbis/share/config/lsassd.reg

# Drop all cached AD entries so later lookups use fresh data.
"${lw_bin}/lw-ad-cache" --delete-all

# Set the login shell template for domain accounts to /bin/bash.
"${lw_bin}/lwconfig" LoginShellTemplate /bin/bash


# Edit sshd's PAM stack so it matches the listing below. Keep a second root
# session open until a fresh login has been tested: a mistake in a PAM file
# can lock every account out of the host.
vim /etc/pam.d/sshd

#%PAM-1.0
# PAM stack for sshd as used in this setup. Two lines are relevant to AD
# logins: pam_access.so in the account phase and pam_lsass.so in the session
# phase.
auth       required     pam_sepermit.so
auth       include      password-auth
# pam_access.so applies the allow/deny rules from /etc/security/access.conf
# (its default rule file). It is "required", so a deny there fails the login.
# With "UsePAM yes" in sshd_config the account phase also runs for public-key
# logins, so these rules are not limited to password authentication.
account    required     pam_access.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth
# NOTE(review): pam_lsass.so is the PBIS/Likewise module. Only its session
# entry is listed in this file, so its auth/account/password entries
# presumably live in password-auth as rewritten by the domain join - confirm
# on the host.
session    sufficient      pam_lsass.so



# Edit the pam_access rule file so it matches the listing below. These rules
# end in a deny-all, so test a new login from a second session before closing
# the current one.
vim /etc/security/access.conf

#
# pam_access rules, one per line: "permission : users/groups : origins".
# Rules are read top to bottom and the first match decides, so the final
# deny-all only applies to accounts not allowed by an earlier line.
#
# NOTE(review): root is allowed from every origin, network included. Whether
# root can really log in over SSH also depends on sshd's PermitRootLogin;
# narrow the origin field (for example to LOCAL) if remote root login is not
# needed.
+ : root : ALL
#+ : mojleski1 : ALL
# DOMAIN\devs is presumably a placeholder for <AD short domain name>\<group>.
# pam_access tries a bare token as a user name and then as a group name;
# writing it as (DOMAIN\devs) marks it as a group only.
# NOTE(review): verify with a test login that the name, including the
# backslash, matches what "id username" prints for a member of the group.
+ : DOMAIN\devs : ALL

# User "john" should get access from ipv6 host address (same as above)
#+ : john : 2001:4ca0:0:101:0:0:0:1
#
# User "john" should get access from ipv6 net/mask
#+ : john : 2001:4ca0:0:101::/64
#
# All other users should be denied to get access from all sources.
- : ALL : ALL





# Checks to run after the join. "username" and "somegroup" are stand-ins for
# a real AD account and group.
lw_bin=/opt/likewise/bin

# List the AD users currently held in the local cache.
"${lw_bin}/lw-ad-cache" --enum-users

# Look the account up through the agent; --level 2 presumably selects a more
# detailed record.
"${lw_bin}/lw-find-user-by-name" username --level 2

# NOTE(review): no group id is passed here; the tool presumably expects a
# numeric GID - confirm with its help output.
"${lw_bin}/lw-find-group-by-id"

# The same identities as seen through NSS, which is what sshd and PAM use.
# Check that "id" lists the group named in /etc/security/access.conf.
id username
# NOTE(review): the two greps depend on NSS enumeration of domain entries. If
# the listing lacks AD entries, query the name directly instead
# (getent passwd username).
getent group | grep somegroup
getent passwd | grep username
