Securing Red Hat Enterprise Linux Login

When you install Red Hat Enterprise Linux. The security setting are set to default. Which may not be very secure. Like RHEL didn’t force you to use lowercase / uppercase or special characters while creating users on RHEL.

We might want to strengthen the security, specially, if we don’t have any centralized authentication services like IPA (Identity, Policy and Audit) or OpenLDAP server in our infrastructure.

Securing Red Hat Enterprise Linux can be be done using “authconfig” tool. It configure pam for you in such a way that the changes are consistent throughout rpm updates. Secondly, you can manually edit the files located in /etc/pam.d if and when you know what you’re doing, but I don’t recommended this.

Let go through couple of examples in securing Red Hat Enterprise Linux using authconfig.

HACK #1. 

Change the hash encryption of the passwords stored in /etc/shadow to sha512

changing password algorithm to sha512 in rhel7

HACK #2. 

Change the set the minimum length requirement for passwords to 8

changing password length to 8 in rhel7

HACK #3. 

Change that user requires at least one lowercase letter in the password

changing password need minimum one lower case letter in rhel7

HACK #4. 

Change that user requires at least one uppercase letter in the password

changing password need minimum one upper case letter in rhel7

HACK #5. 

Change that user  requires at least one number in the password

changing password need minimum one digit letter in rhel7

HACK #6. 

Change that user user requires at least one non-alphanumeric character in the password

changing password need minimum one special character in rhel7

HACK #7. 

To back up your authconfig configuration

But isn’t it will be very difficult to configure the same settings on 100 machines. As we don’t have any centralized authentication service in place like IPA or OpenLDAP. It will be very difficult to have same consistent setting for securing Red Hat Enterprise Linux on multiple machines.

One of the interesting features of this tool is the backup and restore functions.

taking backup of security setting in rhel7

As you can see it will create a directory /tmp/networknuts.conf and will copy all the authentication files into that directory.

Now all you have to do is copy this directory – /tmp/networknuts.conf to destination machine and restore the authentication setting for securing Red Hat Enterprise Linux.

HACK #8. 

Restore the configuration after copying the directory in different machine, by executing

restoring security setting in rhel7