Professional Documents
Culture Documents
Lab 3 Hardening Security With User Account Management and Security Controls Objective of LAB3
Lab 3 Hardening Security With User Account Management and Security Controls Objective of LAB3
LAB 3
Hardening Security with User Account Management and Security Controls
Objective of LAB3:
Configure a password policy by editing the /etc/login.defs file and
implementing
stringent password security measures on a CentOS Linux Server
Enforce a password change every 60 days showing a warning 14 days prior to
the password’s expiration across the system for all users
Configure a minimum password length of eight characters with stringent
complexity requirements
Create users and groups with the proper permissions and restrictions to enforce
role-based access controls
Create a temporary user account that expires in 90 days to enforce the proper
principle of least privilege with contractors and temporary workers/consultants
A. Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
B. Hand-on Steps
I. Part 1: Establish System Password Controls
1. Open the CentOS virtual machine.
2. At the command prompt, type sudo vi /etc/login.defs and press Enter to load the grub
configuration file into the vi Editor.
3. Press the i key to enter the Insert mode.
4. Use the arrow keys to locate the Password aging controls section of the file.
5. Edit the password aging controls section to match the following definition:
PASS_MAX_DAYS 60
PASS_MIN_DAYS 0
PASS_MIN_LEN 8
PASS_WARN_AGE 14
6. Make a screen capture showing your changes in the vi Editor window and paste it into the Lab
Report File.
3. Type: sudo chage –d 0 jtemp to force the jtemp user to change the password at the next login
attempt.
4. Type: sudo chage –E YYYY/MM/dd jtemp to force the jtemp user to change the password on the
required date.
5. Type: sudo chage --list jtemp to review the password settings for the jtemp user account.
6. Make a screen capture showing the output of the –list command and paste it into the Lab Report
file.
In the next steps, you will harden security measures on this server by restricting the
use of the su command which grants the user root level access. You will edit the
pam.d file to restrict the wheel group from using the su command
1. Type: sudo vi /etc/pam.d/su to edit the access for the su command in the PAM module file.
2. Press the i key to enter the Insert mode.
3. Use the arrow keys to locate the #auth required pam_wheel.so use_uid line in the editor.
4. Replace the hash tag (#) at the beginning of the line with an x so that the entire line now reads
xauth required pam_wheel.so use_uid.
5. Make a screen capture showing the edits from step 4 and paste it into the Lab Report file.