LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-06-2007, 07:49 AM   #1
huxflux
Member
 
Registered: Mar 2005
Posts: 33

Rep: Reputation: 15
Commands to dissalow regular users to execute


Hello!

I have to install Kubuntu on several PCs at work and I was wondering which commands not to allow users to execute to increase security as high as possible. I've removed the user they will login with from the root group and now i want to remove the executable flag from group and other for some executables. I hope you'll tell me some executables as well.

So far, I've denied access to: ssh, telnet, scp, nmap, ping, tranceroute. Anything else?

Thanks.
 
Old 02-06-2007, 07:53 AM   #2
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
gcc, if any.
Plus some recommends to mount /tmp so that no files can be executed from there. But it must be thoroughly tested to make sure that it does not affect any used service adversely...

Last edited by J_Szucs; 02-06-2007 at 07:59 AM.
 
Old 02-07-2007, 02:46 AM   #3
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Lenny
Posts: 351

Rep: Reputation: 47
AFA the security of commands is concerned, allowing a user to be user _alone_ will always protect a system. No other person _except_ root can do harm to a running server with improper commands. So just remove the root access to them and things must settle down. Now, if you are not able to remove root access to them, then it is very difficult to manage !

For any mount point where you do not want people to execute (AFA ext3 is concerned) , in fstab or during mounting add the option noexec (see man mount)
 
Old 02-07-2007, 06:10 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,264
Blog Entries: 54

Rep: Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841Reputation: 2841
@OP: I have to install Kubuntu on several PCs at work and I was wondering which commands not to allow users to execute to increase security as high as possible.
What you're talking about is called hardening. Since .*buntu is based off Debian you're in luck. Debian provides a good Security HOWTO. Accidentally (or not) the (co)author also is (co)maintainer of the auditing application called Tiger. Now I don't have any idea about your situation, so IMHO answering this should start with some questions.
What is the purpose of these machines?
Who uses the machines?
Are they accessable from outside your local network?
What (publicly) accessable services do they run?
Why Kubuntu? (That's not a distro war question, OK)



@bhaslinux:
No other person _except_ root can do harm to a running server with improper commands.
Define "improper"?
How does getting privileged access by exploiting vulnerable applications fit in your picture?
And how about situations where you don't even need root account privileges to abuse the server?


So just remove the root access to them and things must settle down.
As far as I know GNU/Linux is no Plan9, so what do you *exactly* mean by "just remove the root access"?
 
Old 02-07-2007, 09:23 AM   #5
Lotharster
Member
 
Registered: Nov 2005
Posts: 144

Rep: Reputation: 15
Quote:
Originally Posted by J_Szucs
Plus some recommends to mount /tmp so that no files can be executed from there. But it must be thoroughly tested to make sure that it does not affect any used service adversely...
I tried exactly that with Kubuntu 6.06, and it lead to some kind of error whenever I used "apt-get install".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to sort regular users and system users from /etc/passwd joeyBig Red Hat 9 05-29-2008 12:59 AM
need to do root commands as a regular user remotely matticus Linux - Newbie 4 08-09-2006 11:50 PM
C -how do i execute linux commands? ocularbob Programming 7 02-29-2004 01:51 PM
Giving regular users access to certain root-only commands slickrcbd Linux - Newbie 4 12-24-2003 07:27 AM
python, executing regular linux commands Robert0380 Programming 3 06-26-2003 03:35 PM


All times are GMT -5. The time now is 01:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration