Hi. When there is a suspicious access to a user account, we want to lock this account until we have made sure. So “:-:” in /etc/shadow and shell to /bin/false, and “sudo -u user kill -9 -1”.
But, at least with the default configuration, these will not block:

- crontabs or atjobs that download instructions from the web;
- .procmailrc or “|something” in .forward;
- probably one or two mechanisms I forgot about.

PAM might be able to help for some of these, but not all.

I tried to search on the web, but did not find anything relevant, which is somewhat surprising to me. Do you know of any extensive discussion about this topic, to help me set something up without leaving too many holes?

Regards,

-- 
Nicolas George
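
The following is an added example, not part of the original post: a small audit that lists the deferred-execution hooks named above (crontab, at jobs, a piped .forward, .procmailrc) for an account that has just been locked. The function name `audit_user`, the variables `CRON_SPOOL` and `AT_SPOOL`, and their Debian-style default paths are assumptions; adjust them to the local cron, at and mail setup.

```shell
#!/bin/sh
# Added example: report per-user hooks that still run after the password and
# shell are locked. Spool paths are assumptions (Debian layout); override them.
CRON_SPOOL="${CRON_SPOOL:-/var/spool/cron/crontabs}"
AT_SPOOL="${AT_SPOOL:-/var/spool/cron/atjobs}"

# audit_user USER HOME
# Prints one "kind<TAB>path" line per finding; always returns 0.
audit_user() {
    user=$1
    home=$2

    # cron runs the user's crontab regardless of password or login shell.
    if [ -s "$CRON_SPOOL/$user" ]; then
        printf 'crontab\t%s\n' "$CRON_SPOOL/$user"
    fi

    # Queued at jobs are matched by file owner (name or numeric uid).
    if [ -d "$AT_SPOOL" ]; then
        find "$AT_SPOOL" -type f -user "$user" 2>/dev/null |
        while IFS= read -r job; do
            printf 'atjob\t%s\n' "$job"
        done
    fi

    # A "|command" entry in .forward makes the MTA run a program on delivery.
    if [ -f "$home/.forward" ] && grep -q '|' "$home/.forward"; then
        printf 'forward-pipe\t%s\n' "$home/.forward"
    fi

    # procmail recipes can pipe mail to arbitrary commands; flag any rc file.
    if [ -s "$home/.procmailrc" ]; then
        printf 'procmailrc\t%s\n' "$home/.procmailrc"
    fi
    return 0
}

# Run as: sh audit.sh USER HOME   (needs root to read the spool directories)
if [ "$#" -eq 2 ]; then
    audit_user "$1" "$2"
fi
```

Each finding is a file to move aside or review before the account is considered contained; the list covers only the mechanisms named in the post.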