Gentoo Forums
/etc/security/access.conf physical logins only?
reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue May 02, 2017 12:57 am    Post subject: /etc/security/access.conf physical logins only?

I want to lock my machine to physical logins only.

I don't want to allow logins from machines on the LAN.

Code:
-:ALL EXCEPT root:tty1
-:ALL EXCEPT (wheel) sync:127.0.0.1
-:(wheel):ALL EXCEPT 127.0.0.1
-:ALL:ALL


Will this work?

Edit: probably a stupid question because I'm not running an sshd!
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue May 02, 2017 6:48 am    Post subject: Re: /etc/security/access.conf physical logins only?

reddragon wrote:
Edit: probably a stupid question because I'm not running an sshd!

reddragon ... the obvious question then is how are these non-physical logins to occur? It requires the means to do so, if that isn't present then it isn't possible.

best ... khay
Syl20
Guru

Joined: 04 Aug 2005
Posts: 545
Location: France

Posted: Tue May 02, 2017 4:11 pm

Considering your access.conf only, I'm not sure it will work as you expect. Make it simple. Double-negations ("-" and "EXCEPT") should be avoided.

For example:
Code:
+ : root  : cron crond tty1 tty2 tty3 tty4 tty5 tty6
+ : user1 : LOCAL

- : root : ALL
- : ALL  : ALL
reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Wed May 10, 2017 11:08 pm

Thanks, I went with this.

Code:
+ : root : cron crond tty1
- : root : ALL

+ : user1 : LOCAL
- : user1 : ALL

- : ALL  : ALL
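
An added example, not part of the thread and not code from any poster: a simplified Python model of how pam_access reads access.conf top to bottom and lets the first matching rule decide, applied to the rule set in the post above. The function names, the constructed sample logins and the treatment of LOCAL as "login with no remote host" are assumptions of this example.

```python
# Added example: simplified first-match evaluation of access.conf rules.
# Handles plain user names, ALL, LOCAL and literal origin names only;
# groups "(wheel)", EXCEPT, host patterns and netmasks are not modelled.

# Rule set copied from the post above.
RULES = """\
+ : root : cron crond tty1
- : root : ALL

+ : user1 : LOCAL
- : user1 : ALL

- : ALL  : ALL
"""

def parse(text):
    """Return (permission, users, origins) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {line!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def check(rules, user, origin, remote=False):
    """Return True if the login is allowed. The first matching rule decides."""
    for perm, users, origins in rules:
        user_ok = any(u in ("ALL", user) for u in users)
        # Assumption of this model: LOCAL matches any login with no remote host.
        origin_ok = any(o in ("ALL", origin) or (o == "LOCAL" and not remote)
                        for o in origins)
        if user_ok and origin_ok:
            return perm == "+"
    return True  # no rule matched: pam_access grants access by default

if __name__ == "__main__":
    rules = parse(RULES)
    # Constructed sample logins: (user, origin, remote)
    for user, origin, remote in [("root", "tty1", False), ("root", "tty2", False),
                                 ("user1", "tty3", False),
                                 ("user1", "192.168.1.10", True),
                                 ("user2", "tty1", False)]:
        print(user, origin, "allow" if check(rules, user, origin, remote) else "deny")
```

With this rule set root is allowed on tty1 only, so a root login on tty2 falls through to the "- : root : ALL" line and is denied.
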
depontius
Advocate

Joined: 05 May 2004
Posts: 3374

Posted: Thu May 11, 2017 4:22 pm

How about simply not starting sshd (or any other such remote access daemon) at boot time?

No listening ports, no remote access. Firewall it that way if you want, for another security layer.
_________________
.sigs waste space and bandwidth
All times are GMT