On Monday, 09 August 2004, at 14:51:55 +0200, Damjan wrote: > What I want to accomplish is deny the possibility of users changing > their IP address, once its set. > Then make it impossible for users to become "root" or equivalent in their boxes, to prevent them from changing their interfaces MAC addresses. This way users won't be able to do so, and even in the event they try to boot with some sort of "live Linux CD" and change the MAC, this change won't persist after reboot.
If you prefer/need to control this changes from your Linux box, then you can play with iptables and its "mac" match (to bind together IP/MAC pairs) or install "arpwatch". The latter won't prevent users from (maybe) succeeding in their attemps to gain access to places where they shouldn't be allowed to go, but you will be inmediately notified if someone is not playing nice in your network. Hope it helps. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Sid (Linux 2.6.8-rc2-mm2) _______________________________________________ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
