Elevate your cybersecurity strategy with Ironchip Identity Platform, designed to bring the power of Multi-Factor Authentication (MFA) to your desktop computing environment. Know more.
Role-based privilege management: Set different user privileges to prevent unauthorized users from misusing the system.
Restrict access from unauthorized places: Limit access to authorized areas for enhanced security.
Supervision of accesses in real time: Monitor user activity, view access history, generate reports, and download them for complete control.
Intrusion detection system (IDS): Receive alerts for SIM swapping, phishing, device switching, and more.
Download the latest Ironchip PAM module for Linux (.so file):
Once you've downloaded the .so file:
-
Move it to a secure directory:
sudo mv pam_ironchip_auth.so /usr/local/lib/security/
-
Edit your desired PAM configuration file (e.g.,
/etc/pam.d/sudo) and add:auth required /usr/local/lib/security/pam_ironchip_auth.so host=https://api.ironchip.com api_key=<your_api_key>
-
Save and close the file (
Ctrl+O,Enter,Ctrl+Xif usingnano). -
Assign access from the Ironchip Dashboard.
This PAM module integrates Ironchip Multi-Factor Authentication (MFA) into the Linux login flow, administrator actions (sudo), SSH sessions, and more.
Important: This process can cause permanent system and user locks if not executed correctly. Keep a terminal with administrator permissions open during the process to avoid any irreparable error. It is recommended to first test the integration with
sudoauthentication to avoid being locked out of the system.
Run the following command to install required packages:
sudo apt-get install libcurl4-openssl-dev libpam-dev uuid-devCreate a secure directory to store the module:
sudo mkdir -p /usr/local/lib/securityMove the downloaded PAM module into the new directory:
sudo mv pam_ironchip_auth.so /usr/local/lib/security/Go to /etc/pam.d/ and edit one of the following files depending on your needs:
sudo: authentication for sudo commandssshd: authentication for remote SSHgdm-password: authentication for login GUIcommon-auth: apply authentication system-wide
Example: Add MFA to sudo
sudo nano /etc/pam.d/sudoAdd the following line at the top:
auth required /usr/local/lib/security/pam_ironchip_auth.so host=https://api.ironchip.com api_key=<your_api_key>Replace <your_api_key> with the actual key provided by Ironchip.
Save and exit: Ctrl+O, Enter, then Ctrl+X.
To remove Ironchip PAM integration:
- Remove the added line from the modified
/etc/pam.d/file. - Delete the PAM module:
sudo rm /usr/local/lib/security/pam_ironchip_auth.soFor more information and advanced options, visit the Ironchip Linux documentation.