Re: How to block telnet access.
> The problem is that there are several teenagers that will probably give away
> their passwords and very soon I will have the whole hacker world in my server.
>
> Since I must give them telnet (ssh actually) access and I can't restrict the
> servers which the ssh will be from (they are using dialup) then I'm pretty
> much sure that my security will be broken.
> I will install the shadow system ASAP, and will change the passwords (in case
> they used John the Ripper on my old passwords) but still.....
>
> Is there a way to control the server time and process that they are using?
> So they could not simply run something that will crush my system?
> Can I limit their access to the network? So they could not use sniffy in
> order to sniff my passwords?

Sorry, but you are in trouble. If you have untrusted users on your system,
then your security is broken by definition (and in practice).

Theoretically, you could try to build a chroot() jail for them.
Unfortunately, doing this correctly isn't quite trivial and does not protect
you from all the threats. Worse, assuming these people need to get some work
done, they'll need access to (potentially vulnerable) applications and
directories and the `security' of the jail gets even worse.

FreeBSD has a jail(2) facility for similar purposes, but even that isn't
perfect.

This appears to be a political problem, not a technical problem. Untrusted
users on your system will lead to a security breach; the decision needs to
be made as to what is more important.
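
The following C example is added here and is not part of the original message: it shows the order of operations for entering the chroot() jail mentioned in the reply, together with per-process CPU-time and process-count caps of the kind the question asks about. The function names, the uid/gid arguments and the limit values are assumptions for illustration.

```c
/* Added example: confine the calling process before it runs untrusted work.
   Function names, ids and limit values are illustrative assumptions. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() in glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Cap one resource (soft = hard), never asking for more than the current
   hard limit, so the call also succeeds for an unprivileged process. */
static int cap_limit(int resource, rlim_t want)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && want > rl.rlim_max)
        want = rl.rlim_max;
    rl.rlim_cur = rl.rlim_max = want;
    return setrlimit(resource, &rl);
}

/* CPU seconds and process count: the two limits asked about in the thread. */
int apply_limits(rlim_t cpu_seconds, rlim_t max_procs)
{
    if (cap_limit(RLIMIT_CPU, cpu_seconds) != 0)
        return -1;
    return cap_limit(RLIMIT_NPROC, max_procs);
}

/* Enter the jail and give up root for good. Order matters at every step. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (geteuid() != 0) { errno = EPERM; return -1; }        /* chroot needs root */
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* root can escape */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;                 /* cwd must end up inside the new root */
    if (setgroups(0, NULL) != 0)   /* drop supplementary groups first */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)   /* gid before uid */
        return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* must not regain root */
    return 0;
}
```

A caller would run apply_limits() and then enter_jail() before exec'ing the user's shell; both the limits and the dropped ids are inherited across fork and exec.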