|
For each of these services ,RHCEs must be able to:
* Configure host-based and user-based security for the service
network service :
HTTP/HTTPS,SMB,NFS,FTP,WEB proxy,SMTP,IMAP,IMAPS,POP3,SSH,DNS
要求配置上述网络服务(基于主机安全,基于用户安全)---注意:不是说每一个网络服务都
一定要有host-based, user-based 的配置.
SMTP(用sendmail)
1.user-based:有没有必要,搞不清楚!谁能讲讲?
如果做基于用记的控制,在/etc/pam.d/中有smtp, smtp.sendmail(应该选哪个文件)
加入
account required pam_access.so
在/etc/security/access.conf 做相应控制!
是否正确?
2.hosts-based:
a.用tcp_wrapper .: hosts.allow, hosts.deny : sendmail
b./etc/mail/access
关键字可是: 完全或部分域名、直接的邮箱地址、IP地址
行动值: ok、reject和discard ,relay
make access.db
具体可到网上搜一下, sendmail access,可找到相应的详细信息! |
|