It provides login/access management
Step1. Check pam_access module
cat /etc/pam.d/login | grep pam_access.so
Step2. Add entry
account required pam_access.so
Step3. Check file
cat /etc/pam.d/login | grep pam_access.so cat /etc/pam.d/login #%PAM-1.0 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so auth substack system-auth auth include postlogin account required pam_nologin.so account required pam_access.so # (Here we have added this line) account include system-auth password include system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open session required pam_namespace.so session optional pam_keyinit.so force revoke session include system-auth session include postlogin -session optional pam_ck_connector.so
Step4. Search userpamaccess
cat /etc/sysconfig/authconfig | grep -i pam USEPAMACCESS=no Now change it no to yes USEPAMACCESS=yes
Step5. Check file
#cat /etc/sysconfig/authconfig | grep -i pam USEPAMACCESS=yes
Step6. Apply configuration
authconfig --updateall
Step7. Allow and deny access
cat /etc/security/access.conf Syntax : Permission:Users/Groups:Origins + : root : 192.168.1.2 (To Allow the host to access for the root account) - : root : 192.168.1.2 (To Deny the host to access for the root account) Note:- For Multiple IP access there is not required any commas + : root : 192.168.1.2 192.168.1.3 192.168.1.4 192.1681.5 - : root : 192.168.1.2 192.168.1.3 192.168.1.4 192.1681.5 - : root : ALL (To Denies access only for root account to anyone not for Non Root account) + : root : ALL (To Allow access only for root account to anyone) + : root : 192.168.1. (To Allow access only for root account to any network) - : root : 192.168.1. (To Deny access only for root account to any network)
For Live Installation you may refer below youtube link:-