Security
Access Control
Access control on systems is done using pam_access,
pam_listfile, etc. By default, remote access is only
granted to certain users/groups configured in Hiera (see
profile::aaa for details). Local access is currently
unrestricted, i.e. every valid PSI Linux account can log in locally.
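
The kind of pam_access policy described above (remote access only for listed users/groups, local access open to everyone), as an added example that is not taken from profile::aaa or the site's Hiera data: a small Python evaluator for access.conf-style rules, showing that the first matching rule decides. The group `sysadmins`, the user names and the address are constructed, and only the `ALL`, `LOCAL`, `(group)` and exact-host tokens are modelled.

```python
# Constructed access.conf-style rules; user and group names are hypothetical,
# not the site's real policy. Fields: permission : users/groups : origins
RULES = """
# local logins: every valid account
+:ALL:LOCAL
# remote logins: listed users and groups only
+:(sysadmins) alice:ALL
# everything else is refused
-:ALL:ALL
"""

def parse_rules(text):
    """Return a list of (permission, user_tokens, origin_tokens)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {line!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def user_matches(tokens, user, groups):
    """ALL, a literal user name, or a (group) the user belongs to."""
    return any(
        tok in ("ALL", user)
        or (tok.startswith("(") and tok.endswith(")") and tok[1:-1] in groups)
        for tok in tokens
    )

def origin_matches(tokens, rhost):
    """rhost is None for a local login; other origin forms are not modelled."""
    return any(
        tok == "ALL" or (tok == "LOCAL" and rhost is None) or (rhost is not None and tok == rhost)
        for tok in tokens
    )

def is_allowed(rules, user, groups=(), rhost=None):
    """First matching rule decides; if no rule matches, access is granted."""
    for perm, users, origins in rules:
        if user_matches(users, user, groups) and origin_matches(origins, rhost):
            return perm == "+"
    return True

if __name__ == "__main__":
    rules = parse_rules(RULES)
    print(is_allowed(rules, "bob"), is_allowed(rules, "bob", rhost="198.51.100.7"))
```

Because evaluation stops at the first match, the closing `-:ALL:ALL` line is what turns the list into an allow-list; without it, unmatched remote logins fall through to the default grant.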
root login
- only with keys/Kerberos tickets
- only through bastion hosts (wmgt*, two-factor auth) by default
SELinux
- depends on the role, enforcing by default, enforcing on all infrastructure systems
Firewall/tcpwrappers
- tcpwrappers yes
- firewall no