Controlling external network access per processes.
That would seem like an elementary feature to be able to enable only a few system applications access to the Internet. That would prevent trojans to download your HD for examples. I looked around and played with iptables but I couldn't not find anything that do the job.
I loaded the xt_owner kernel for iptables but the --cmd-owner command is lacking.
That was my holy grail but could not get --cmd-owner to work.
iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing "
How can I protect my machine against the enemy within.
Anyone knows a way to achieve this?
Cheers,
OpenSuse 11.2
Kernel: 2.6.31.12-0.2-desktop
|