Re: [gentoo-user] RE: Users with access to shell!
On May 17, 2005, at 4:32 am, D. Wokan wrote:

> That's the point, my server is a database server, I mean, users log in and run a C++ script and then they work with the database files.. THEY HAVE TO LOG IN, so there are only a few that have access to the bash shell, because they need it!!!... so, I ask again, are there some tools or commands that help me monitor and secure this server??
>
> Is it possible for them to work with this DB using some client app running on another machine? You haven't said much about your situation but perhaps there is another way besides them having shell access to that server. I believe you can set their shell to /bin/true and they'll be able to log in, but not get an actual shell.

Erm.. this is usually used to prevent users from logging in - I mean, they can log in, but then /bin/true is called, and that allows no interactivity. The users wouldn't be able to call their C++ script.

I think it would be better to set the users' shell to /path/to/the/c++/app/the/users/require. This would allow them to log in to the server and ONLY use that.

Incidentally, `grep -e true -e false /etc/passwd` suggests the Gentoo standard to be to set shell to `/bin/false` for users who should be denied shell access. I thought `/bin/true` was more correct. Comments, anyone?

Stroller.
--
gentoo-user@gentoo.org mailing list
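The login-shell settings discussed in the message above can be checked across all accounts. The following is an added example, not part of the thread: it classifies every account in a passwd-format file as denied (`false`, `true`, `nologin`), interactive (shell listed in an `/etc/shells`-style file) or restricted to one program, and reports interactive accounts missing from an approved list. The account names, the `/usr/local/bin/dbclient` path and the approved list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit login shells in a passwd-format file.

# classify_shells PASSWD SHELLS -> prints "user class shell", one line per account
classify_shells() {
    awk -F: -v shells="$2" '
        FILENAME == shells {                         # /etc/shells-style list
            if ($0 !~ /^[ \t]*(#|$)/) valid[$0] = 1
            next
        }
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        {
            sh = ($7 == "") ? "/bin/sh" : $7         # passwd(5): empty field means /bin/sh
            n = split(sh, part, "/"); base = part[n]
            if (base == "false" || base == "true" || base == "nologin")
                class = "denied"                     # login ends immediately
            else if (sh in valid)
                class = "interactive"                # a real shell
            else
                class = "restricted-app"             # login runs only this program
            print $1, class, sh
        }
    ' "$2" "$1"
}

# unexpected_shell_users PASSWD SHELLS APPROVED... -> interactive accounts not approved
unexpected_shell_users() {
    passwd_file=$1; shells_file=$2; shift 2
    classify_shells "$passwd_file" "$shells_file" |
    while read -r user class shell; do
        [ "$class" = interactive ] || continue
        ok=no
        for approved in "$@"; do
            if [ "$approved" = "$user" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$user"; fi
    done
}

# Constructed sample data; account names and the dbclient path are hypothetical.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'mysql:x:60:60::/dev/null:/bin/false' \
    'dbadmin:x:1000:100::/home/dbadmin:/bin/bash' \
    'alice:x:1001:100::/home/alice:/usr/local/bin/dbclient' \
    'bob:x:1002:100::/home/bob:/bin/bash' \
    'carol:x:1003:100::/home/carol:' > "$demo_dir/passwd"
printf '%s\n' '# valid login shells' /bin/sh /bin/bash > "$demo_dir/shells"
classify_shells "$demo_dir/passwd" "$demo_dir/shells"
unexpected_shell_users "$demo_dir/passwd" "$demo_dir/shells" root dbadmin
rm -rf "$demo_dir"
```

On the sample data the last call reports `bob` and `carol`; the latter has an empty shell field, which falls back to `/bin/sh` and is easy to miss when grepping for `bash`.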
Re: [gentoo-user] RE: Users with access to shell!
It sounds to me like he made it clear that they HAD to login to use a c++ script. Probably something he built himself to manage data or something.

The quickest, easiest way is to just use chroot jails. They are fairly secure out of the box and chroot is a widely accepted method for securing untrusted clients/servers (such as postfix for example). Just put only what they need in the chroot environment and you should be ok.

As for monitoring, there is always the bash_history file. You can also install a shell monitor that allows the root user to view a shell in realtime. You can also use the watch command to watch the who list. It's primitive but can be useful. You can also use syslog to do some extra logging similar to that of bash_history.

D. Wokan wrote:

> Is it possible for them to work with this DB using some client app running on another machine? You haven't said much about your situation but perhaps there is another way besides them having shell access to that server. I believe you can set their shell to /bin/true and they'll be able to log in, but not get an actual shell.
Re: [gentoo-user] RE: Users with access to shell!
Sami Samhuri wrote:

> * On Thu May-12-2005 at 03:17:56 PM -0500, [EMAIL PROTECTED] said:
>
> I have users accessing the bash shell of my Gentoo server. My question is: how can I secure my server with these users accessing the shell?
>
> You can't trust your users. That's the idea.
>
> That's the point, my server is a database server, I mean, users log in and run a C++ script and then they work with the database files.. THEY HAVE TO LOG IN, so there are only a few that have access to the bash shell, because they need it!!!... so, I ask again, are there some tools or commands that help me monitor and secure this server??

Is it possible for them to work with this DB using some client app running on another machine? You haven't said much about your situation but perhaps there is another way besides them having shell access to that server. I believe you can set their shell to /bin/true and they'll be able to log in, but not get an actual shell.
[gentoo-user] Re: Users with access to shell!
On 5/12/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> How can I secure my server with these users accessing the shell?

Don't give users physical access to the machine. Don't allow users to use SSH. Don't run a telnet server.

> I'd like to allow every user to access ONLY his home directory, I mean he can only work in his directory...

Access with what?

--
David Dorward
http://dorward.me.uk
http://blog.dorward.me.uk
[gentoo-user] RE: Users with access to shell!
> I have users accessing the bash shell of my Gentoo server. My question is: how can I secure my server with these users accessing the shell?
>
> You can't trust your users. That's the idea.

That's the point, my server is a database server, I mean, users log in and run a C++ script and then they work with the database files.. THEY HAVE TO LOG IN, so there are only a few that have access to the bash shell, because they need it!!!... so, I ask again, are there some tools or commands that help me monitor and secure this server??

Thanks for your quick answers..

Regards,
Israel
Re: [gentoo-user] RE: Users with access to shell!
On Thu, 12 May 2005 [EMAIL PROTECTED] wrote:

> That's the point, my server is a database server, I mean, users log in and run a C++ script and then they work with the database files.. THEY HAVE TO LOG IN, so there are only a few that have access to the bash shell, because they need it!!!... so, I ask again, are there some tools or commands that help me monitor and secure this server??

Q: How do you secure a house after giving away the keys?
A: You can't.

The best you can do is log everything, install logwatch, maybe set up some process accounting, etc. One thing you could do is set up iptables to only allow logins from specific IPs perhaps.

--
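The iptables restriction suggested in the message above, as an added example that is not part of the thread: the script prints the rules (it does not apply them) for a source-address allowlist, validates every address before emitting anything, and logs refused attempts. It assumes logins arrive over SSH on TCP port 22; the `LOGIN_ALLOW` chain name, the log prefix and the addresses (documentation ranges) are constructed.

```shell
#!/bin/sh
# Added example: print iptables rules that accept new login connections
# only from listed source addresses. Nothing is applied by this script.
LOGIN_PORT=${LOGIN_PORT:-22}    # assumption: logins arrive over SSH on TCP 22

# valid_ipv4 ADDR[/PREFIX] -> status 0 only for a well-formed IPv4 address or CIDR
valid_ipv4() {
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac      # also blocks glob characters
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# login_allowlist_rules ADDR... -> prints the rules, or fails with no output
login_allowlist_rules() {
    if [ $# -eq 0 ]; then
        echo "refusing to emit rules for an empty allowlist" >&2
        return 1
    fi
    for src in "$@"; do                            # validate everything first
        if ! valid_ipv4 "$src"; then
            echo "bad address: $src" >&2
            return 1
        fi
    done
    echo "iptables -N LOGIN_ALLOW"
    for src in "$@"; do
        echo "iptables -A LOGIN_ALLOW -s $src -j ACCEPT"
    done
    echo "iptables -A LOGIN_ALLOW -j LOG --log-prefix 'login-denied: '"
    echo "iptables -A LOGIN_ALLOW -j DROP"
    # Only NEW connections are filtered, so established sessions stay up.
    echo "iptables -A INPUT -p tcp --dport $LOGIN_PORT -m state --state NEW -j LOGIN_ALLOW"
}

# Constructed allowlist using documentation address ranges.
login_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Review the printed rules before running them as root, and keep an existing session open while testing so a mistake in the allowlist does not lock you out.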