NISPOM Security: PAM account lockout and XScreenSaver Settings
BACKGROUND
I am trying to finalize a Debian Sarge Linux system to meet NISPOM security requirements.
PROBLEM 1 - ACCOUNT LOCKOUT
I have PAM cracklib installed and configured on my system to meet password complexity NISPOM requirements. I have set retry=5 in /etc/pam.d/common-password and LOGIN_RETRIES 5 in the /etc/login.defs, but neither seem to lock the account after 5 successive failed login attempts.
# common-password
.
.
.
password required pam_cracklib.so retry=5 minlen=8 difok=1 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0
password required pam_unix.so md5 remember=5 use_authtok shadow
QUESTION 1
What am I missing to force account lockout of user (ie. non-root) accounts?
PROBMEM 2 - XSCREENSAVER SETTINGS
I have XScreenSaver installed and configured and need to prevent users from changing the settings. I have tried changing the .xscreensaver file under the user accout ro root:root, but when I change the settings it writes over the file and changes the file permissions.
QUESTION 2
There is a setting on the settings with some sort of -root option. Is this what allows the user to change the settings and what do I change it too, or is there something else I need to do to prevent the users from changing the .xscreensaver settings?
Thanks,
Elvis
Last edited by ElvisImprsntr; 09-12-2007 at 07:10 PM.
|