LinuxQuestions.org


geletine 07-13-2006 10:09 AM

Hiding machine information and root information
 
This may already be implemented in mandatory access control add-ons; I just have not looked.

Whenever a normal user logs in, does it have to tell them that they have logged in on ttyX?
Also, running top shows what root is running; is it possible to disable that so only the user's processors are shown when running top?

And lastly, is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?

Thanks in advance

acid_kewpie 07-13-2006 12:50 PM

I don't see any benefit at all in hiding their tty or other users' processes; that's not security, that's obscurity. As for /, well, you would probably be interested in looking into chroot to provide a jail for certain users in terms of the filesystem they can access.

Tinkster 07-13-2006 01:28 PM

The single biggest risk in seeing other users' processes is that there
might be a password on the command line (which is bad practice as such)
which you could then see via ps.



Cheers,
Tink
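
Added example, not part of the original posts: a Python audit for the risk Tink describes, flagging processes whose arguments carry a secret that any user who can run ps could read. The option-name list and the sample processes are assumptions constructed for illustration.

```python
import os
import re

# Option names that usually take a secret as their value (assumed list; extend per site).
OPT = re.compile(r"^--?(?:password|passwd|pass|pwd|token|secret|api[-_]?key)(=.+)?$", re.I)
# scheme://user:password@host inside a URL argument
URL_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^@/\s]+@", re.I)

def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline buffer (NUL-separated argv) into arguments."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def find_secret_args(argv):
    """Return the indexes of argv entries that appear to hold a secret."""
    hits = []
    for i, arg in enumerate(argv):
        m = OPT.match(arg)
        if (m and m.group(1)) or URL_CRED.match(arg):
            hits.append(i)                      # --password=value or URL credentials
        elif m and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            hits.append(i + 1)                  # --token value (separate argument)
    return hits

def audit(procs):
    """procs: iterable of (pid, raw cmdline bytes). Returns [(pid, redacted line)]."""
    findings = []
    for pid, raw in procs:
        argv = parse_cmdline(raw)
        hits = find_secret_args(argv)
        if hits:
            shown = ["<REDACTED>" if i in hits else a for i, a in enumerate(argv)]
            findings.append((pid, " ".join(shown)))
    return findings

def live_procs():
    """Read every readable /proc/<pid>/cmdline, the same data ps and top display."""
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/cmdline", "rb") as f:
                yield int(name), f.read()
        except OSError:
            continue  # process exited, or the process view is restricted

# Constructed sample input, not taken from a real host.
SAMPLE = [(101, b"mysql\0-u\0app\0--password=hunter2\0db\0"),
          (102, b"curl\0https://bob:s3cret@example.org/feed\0"),
          (103, b"backup\0--token\0abc123\0/srv\0"),
          (104, b"sshd\0-D\0")]

if __name__ == "__main__":
    for pid, line in audit(live_procs() if os.path.isdir("/proc") else SAMPLE):
        print(pid, line)
```

Run as an unprivileged user, the findings are exactly what that user can already see; each hit is a program that should take its secret from a file, environment or prompt instead.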

geletine 07-13-2006 04:06 PM

Quote:

Originally Posted by acid_kewpie
I don't see any benefit at all in hiding their tty or other users' processes; that's not security, that's obscurity. As for /, well, you would probably be interested in looking into chroot to provide a jail for certain users in terms of the filesystem they can access.

It's obscurity for the user entering the system, which is the idea; if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?
I will look into chroot, thanks for that.

geletine 07-13-2006 04:07 PM

Quote:

Originally Posted by Tinkster
The single biggest risk in seeing other users' processes is that there
might be a password on the command line (which is bad practice as such)
which you could then see via ps.



Cheers,
Tink

That's a possibility; I was not actually thinking of that.

unSpawn 07-13-2006 06:11 PM

Also, running top shows what root is running; is it possible to disable that so only the user's processors are shown when running top?
The GRSecurity patch can confine their process view. Note you can't run GRSecurity and SELinux in the same kernel; they're incompatible.


And lastly, is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?
Next to chroot, both GRSecurity and SELinux provide fine-grained ways to restrict users' access.


if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?
I guess whatever you can get exploits for; besides, the kernel is always up and running...
Then again, sometimes you can get lucky by just looking, like finding a copy of shadow ;-p

geletine 07-14-2006 07:57 AM

Quote:

Originally Posted by unSpawn
Also, running top shows what root is running; is it possible to disable that so only the user's processors are shown when running top?
The GRSecurity patch can confine their process view. Note you can't run GRSecurity and SELinux in the same kernel; they're incompatible.


And lastly, is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?
Next to chroot, both GRSecurity and SELinux provide fine-grained ways to restrict users' access.


if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?
I guess whatever you can get exploits for; besides, the kernel is always up and running...
Then again, sometimes you can get lucky by just looking, like finding a copy of shadow ;-p

Thank you, I thought GRSecurity or SELinux would support that. Now that Solaris Trusted Extensions are open source, it would be interesting to make a port to Linux and BSD.
Their label range system is a very secure and proven way of working with different security levels, so for instance you cannot copy and paste something if the destination is lower than the source.
http://blogs.sun.com/roller/page/Stephen/20060331
http://www.opensolaris.org/os/commun...y/projects/tx/

Thanks again


All times are GMT -5.