Unlike other password files the shadow password file is readable only by the


CompTIA® Security+® (Exam SY0-501) | Appendix B: Linux Essentials | Topic G

password. Unlike other password files, the shadow password file is readable only by the root user. This file is /etc/shadow, and can be accessed only by those processes that run at the root level. All modern Linux distributions, including RHEL, CentOS, and Ubuntu®, have shadow passwords enabled by default.

Memory Usage

Memory usage is the sum of all the programs in the memory of an operating system. It also includes cached data. When more processes begin, the memory available for cache is reduced. If a limit is exceeded, Linux swaps out virtual memory processes that are idle most of the time.

Ways to Improve User-Level Security

There are a number of ways to improve user-level security. The following table lists some of the ways to improve user-level security.

| Method | Description |
| --- | --- |
| Disable root login | By disabling root logins to a server, all access must be made via a non-privileged user that then executes commands via the su or sudo commands. |
| Disable remote login by password | Disallows all remote access to the server, except through OpenSSH key-based authentication, eliminating password security concerns. |
| Limit the number of users | Prevents unauthorized users from accessing the system. |
| Limit the number of user logins | Specifies the maximum number of sessions a user can log in simultaneously. |
| Limit user accounts | Specifies the date when a user account should expire. |
| Limit hard disk and CPU memory usage | Sets quotas for individual users to limit memory usage on storage devices and the CPU so that the system performance is not affected. |
| Limit processes | Limits the number of simultaneous processes that a user can run so that the system performance is not affected. |

Number of Logins

You can specify the maximum number of sessions a user can log in simultaneously. For example, if you specify username - maxlogins 4, it means that the user will be able to log in and run four different sessions simultaneously. If username is replaced by *, it means that a maximum of four logins will be permitted simultaneously for all the users.

Limiting User Account

You can limit a user account by specifying its expiry date using the usermod command. For example, usermod -e {yyyy-mm-dd} {login name}.

The ulimit Utility

The ulimit utility sets or gets the file-size writing limit of files written by the shell and its descendants (files of any size may be read). Only a process with appropriate privileges can increase the limit. Limits are categorized as either soft or hard. With the ulimit command, you can change your soft limits, up to the maximum set by the hard limits. You must have root user authority to change resource hard limits. The following table lists the ulimit command options.
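As an added example (not part of the original text), the shell functions below read back the two settings described under Number of Logins and Limiting User Account: the maxlogins entries, assumed here to be in the pam_limits /etc/security/limits.conf format, and the expiry date that usermod -e stores in field 8 of /etc/shadow. The sample data and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in limits.conf format: <domain> <type> <item> <value>
# (type "-" sets both the soft and the hard limit).
LIMITS_SAMPLE='*      -     maxlogins  4
alice  -     maxlogins  2
# bob has a process limit but no maxlogins entry of his own
bob    hard  nproc      100
'
# Constructed sample in shadow format; field 8 is the expiry date in days
# since 1970-01-01, the value usermod -e writes (19358 = 2023-01-01).
SHADOW_SAMPLE='alice:!:19000:0:99999:7::19358:
bob:!:19000:0:99999:7:::
'

# Read limits.conf lines on stdin; print the maxlogins value for user $1.
# A user's own entry beats the "*" wildcard. Simplification: @group and
# % entries are ignored, and the last matching line wins.
effective_maxlogins() {
    awk -v u="$1" '
        $1 ~ /^#/ { next }
        $3 == "maxlogins" && $1 == u   { own = $4 }
        $3 == "maxlogins" && $1 == "*" { any = $4 }
        END { print (own != "" ? own : (any != "" ? any : "unlimited")) }'
}

# Read shadow lines on stdin; print never, active or expired for user $1
# on day $2 (days since the epoch). An empty field 8 means no expiry.
account_status() {
    awk -F: -v u="$1" -v today="$2" '
        $1 == u {
            if ($8 == "") {
                print "never"
            } else if (today + 0 >= $8 + 0) {
                print "expired"
            } else {
                print "active"
            }
        }'
}

# Stand-alone demo over the constructed samples.
today=$(( $(date +%s) / 86400 ))
for u in alice bob; do
    printf '%s: maxlogins=%s account=%s\n' "$u" \
        "$(printf '%s' "$LIMITS_SAMPLE" | effective_maxlogins "$u")" \
        "$(printf '%s' "$SHADOW_SAMPLE" | account_status "$u" "$today")"
done
```

On a live system the same functions take the real files on stdin, for example effective_maxlogins alice < /etc/security/limits.conf. Reading /etc/shadow this way requires root, since the file is readable only by the root user.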