https://www.youtube.com/watch?v=hNFeGxDRgl8

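The pam_access module provides login/access management: it allows or denies a login based on the user or group and the origin (terminal, host or network) listed in /etc/security/access.conf.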

Step1. Check pam_access module

cat /etc/pam.d/login | grep pam_access.so  

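Step2. Add this entry to the account section of /etc/pam.d/login if Step 1 found nothing. This file covers only the login service; other services (for example sshd) read their own file under /etc/pam.d/.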

account    required     pam_access.so

Step3. Check file

cat /etc/pam.d/login | grep pam_access.so
cat /etc/pam.d/login

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    required     pam_access.so              # (Here we have added this line)
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
-session   optional     pam_ck_connector.so

Step4. Search for the USEPAMACCESS setting

cat /etc/sysconfig/authconfig  | grep -i pam
USEPAMACCESS=no
 
Now change it from no to yes
USEPAMACCESS=yes

Step5. Check file

#cat /etc/sysconfig/authconfig  | grep -i pam
USEPAMACCESS=yes

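Step6. Apply configuration (authconfig regenerates the PAM files it manages from /etc/sysconfig/authconfig, so back up /etc/pam.d first)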

authconfig --updateall

Step7. Allow and deny access

cat  /etc/security/access.conf

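Syntax:
Permission:Users/Groups:Origins

Rules are read from top to bottom, and the first rule that matches the user and origin decides. A login that matches no rule is allowed, so a "+" rule limits nothing on its own; follow it with a deny rule such as "- : root : ALL". Keep an existing root session open while testing so a wrong rule cannot lock you out.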

+ : root : 192.168.1.2  (Allows the root account to log in from host 192.168.1.2)
- : root :  192.168.1.2  (Denies the root account from logging in from host 192.168.1.2)

Note:- Multiple IP addresses are separated by spaces; no commas are required
+ : root : 192.168.1.2  192.168.1.3  192.168.1.4  192.168.1.5
- : root : 192.168.1.2  192.168.1.3  192.168.1.4  192.168.1.5

- : root : ALL   (Denies the root account from every origin; non-root accounts are not affected by this rule)
+ : root : ALL   (Allows the root account from every origin)

+ : root : 192.168.1. (Allows the root account from any host whose address begins with 192.168.1.)
- : root : 192.168.1. (Denies the root account from any host whose address begins with 192.168.1.)

For a live installation walkthrough, refer to the YouTube link below:

https://www.youtube.com/watch?v=hNFeGxDRgl8
