mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-02-17 15:44:09 -05:00
24 lines
668 B
Plaintext
24 lines
668 B
Plaintext
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Console Lockdown
|
|
## https://forums.whonix.org/t/etc-security-hardening/8592
|
|
|
|
## This is the error message should this fail:
|
|
## sudo su
|
|
## sudo: PAM account management error: Permission denied
|
|
|
|
## see also:
|
|
## man access.conf
|
|
## man pam_access
|
|
|
|
## Usually tty7 is for X.
|
|
## Qubes uses tty1 for X.
|
|
|
|
## Allow members of group 'console' to use tty1 to tty7.
|
|
+:console:tty1 tty2 tty3 tty4 tty5 tty6 tty7
|
|
|
|
## Everyone else except members of group 'console-unrestricted'
|
|
## are restricted from everything else.
|
|
-:ALL EXCEPT console-unrestricted :ALL
|