LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-02-2011, 01:42 PM   #16
DoomUs
LQ Newbie
 
Registered: May 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by frieza
perhaps a little more detail on your actual purpose is, as in how you actually intend to USE these machines? this sounds like something that could potentially be achieved with diskless workstations or live cds on machines without hard drives?
either way
1) Linux only has one root account
2) only accounts approved to use sudo can actually do so, therefore you can prevent root access by simply not approving the restricted users from using sudo
3) no drive can be mounted without root privileges unless explicitly configured to do so, the exception being thumb drives, but this also can be disabled
4) the network can be disabled without disabling the modules, how varies from distribution to distribution

unfortunately, what you have to do to lock down your system varies based on what your ultimate goal is for the systems, which you haven't exactly provided

Thanks, I appreciate your input. So, the main goal is to have a live-cd where someone can put it in their computer, boot up, play a game, and shut down. I want the user to rest assured that their local hard disks won't be mounted, and that their network devices will not be "used" period. I even want to go so far as to say that when the user tries to mount a drive, the mounting functionality is disabled (ideally even with the root password). Likewise, if they attempt to sniff on the network, or access any network device, I want that to be disabled by default.

If the user really wants to write their own modules, programs, etc, and try to gain access to the network via the live-cd, I'm really not concerned with that because I'm not trying to "beat them". What they do with the live-cd is their business, I just want it to exhibit these DEFAULT behaviors.

All that being said, addressing (1) and (2), I'd like the users to have root access so they are free to do what they want. As for (3), given that they will have root access, do you have any suggestions for mechanisms to deter mounting?

(4), that's good to hear. What are some of the options? I'm using Slax right now, but I'd be willing to change if it's way easier on something else.
 
Old 06-03-2011, 07:12 AM   #17
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
Originally Posted by DoomUs
All that being said, addressing (1) and (2), I'd like the users to have root access so they are free to do what they want. As for (3), given that they will have root access, do you have any suggestions for mechanisms to deter mounting?

I really think you need to go back and re-read acid kewpie's response. You're fighting against the system and trying to achieve mutually exclusive goals here. Mounting is one of those things you can't completely disable if you want a bootable system. However, by allowing users to have full root access, you're giving them the ability to use mount. You really have to make a decision here, either restrict root access for your users or give them full access and live with them being able to mount.

Now given that the goal of your live-cd is to allow people to play a game, I can't imagine what they would need root access for. If you could state the actual goal of allowing users to have root access, maybe we can suggest some ways to use sudo to give them the root access they need while restricting the ability to mount. And by the way, mount isn't the only thing you have to worry about. If you allow users the ability to install software, even to a virtual drive, they might be able to use programs like pmount to mount local drives.
 
1 members found this post helpful.
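
Added example, not part of any post in this thread: a shell check that a booted live session actually exhibits the two defaults discussed above (no local disk mounted, no non-loopback interface up). It only verifies defaults; as post #17 points out, a root user can still mount afterwards. The function names, the live medium at /dev/sr0 and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Print "device on mountpoint" for every block-device mount that is neither
# the live medium ($2) nor a loop device. $1 is a file in /proc/mounts format.
local_disk_mounts() {
    awk -v live="$2" '
        $1 ~ /^\/dev\// && $1 != live && $1 !~ /^\/dev\/loop[0-9]+$/ {
            print $1 " on " $2
        }' "$1"
}

# Print every non-loopback interface that is administratively up.
# $1 is a directory laid out like /sys/class/net (one "flags" file per interface).
active_interfaces() {
    for d in "$1"/*; do
        flags=$(cat "$d/flags" 2>/dev/null)
        [ -n "$flags" ] || continue
        # IFF_UP is 0x1 and IFF_LOOPBACK is 0x8 in the kernel's interface flags.
        if [ $(( $flags & 0x1 )) -ne 0 ] && [ $(( $flags & 0x8 )) -eq 0 ]; then
            echo "${d##*/}"
        fi
    done
}

# Return 0 when both defaults hold, 1 (with one line per finding) otherwise.
audit_live_session() {
    status=0
    disks=$(local_disk_mounts "$1" "$2")
    nets=$(active_interfaces "$3")
    if [ -n "$disks" ]; then echo "$disks" | sed 's/^/MOUNTED: /'; status=1; fi
    if [ -n "$nets" ]; then echo "$nets" | sed 's/^/IFACE UP: /'; status=1; fi
    return $status
}

# Constructed sample input (not captured from a real system), written under $1.
write_sample() {
    mkdir -p "$1/net/lo" "$1/net/eth0" "$1/net/wlan0"
    echo 0x9    > "$1/net/lo/flags"      # loopback, up
    echo 0x1003 > "$1/net/eth0/flags"    # up
    echo 0x1002 > "$1/net/wlan0/flags"   # down
    cat > "$1/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /mnt/live/media iso9660 ro 0 0
/dev/loop0 /mnt/live/core squashfs ro 0 0
/dev/sda1 /mnt/sda1 ntfs rw 0 0
EOF
}

# On a real session: sh audit.sh /proc/mounts /dev/sr0 /sys/class/net
if [ "$#" -eq 3 ]; then audit_live_session "$@"; fi
```

Run from a late boot script, a non-zero exit means the image shipped with a local disk mounted or an interface up and the build should be treated as failing its stated defaults.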
  

