Enable_Security_LoginNode.md 3.1 KB
Enabling Security on the Login Node
- Ensure that
enable_secure_login_nodeis set to true inomnia_config.yml - Set the following parameters in
omnia_security_config.yml
| Parameter Name | Default Value | Additional Information |
|---|---|---|
| max_failures | 3 | Failures allowed before lockout. This value cannot currently be changed. |
| failure_reset_interval | 60 | Period (in seconds) after which the number of failed login attempts is reset Accepted Values: 30-60 |
| lockout_duration | 10 | Period (in seconds) for which users are locked out. Accepted Values: 5-10 |
| session_timeout | 180 | Period (in seconds) after which idle users get logged out automatically Accepted Values: 30-90 |
| alert_email_address | Email address used for sending alerts in case of authentication failure. Currently, only one email ID is accepted in this field. If this variable is left blank, authentication failure alerts will be disabled. |
|
| allow_deny | Allow | This variable sets whether the user list is Allowed or Denied. Accepted Values: Allow, Deny |
| user | Array of users that are allowed or denied based on the allow_deny value. Multiple users must be separated by a space. |
- Set the following parameters in
control_plane/input_params/security_vars.yml
| Parameter Name | Default Value | Additional Information |
|---|---|---|
| allow_deny | Allow | This variable sets whether the user list is Allowed or Denied. Accepted Values: Allow, Deny |
| user | Array of users that are allowed or denied based on the allow_deny value. Multiple users must be separated by a space. |
Kernel Lockdown
- RockyOS has Kernel Lockdown mode (Integrity) enabled by default
- SUSE/Leap allows users to set Kernel Lockdown mode to Confidentiality or Integrity.