LinuxQuestions.org
Old 07-13-2006, 10:09 AM   #1
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213
Blog Entries: 2

Rep: Reputation: 30
Hiding machine information and root information


This may already be implemented in mandatory access control add-ons; I just have not looked.

Whenever a normal user logs in, does it have to tell them that they have logged in on ttyX?
Also, running top shows what root is running; is it possible to disable that so only the user's processes are shown when running top?

And lastly, is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?

Thanks in advance.
 
Old 07-13-2006, 12:50 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
I don't see any benefit at all in hiding their tty or other users' processes; that's not security, that's obscurity. As for /, well, you would probably be interested in looking into chroot to provide a jail for certain users in terms of the filesystem they can access.
 
Old 07-13-2006, 01:28 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
The single biggest risk in seeing other users' processes is that there might be a password on the command line (which is bad practice as such), which you could then see via ps.



Cheers,
Tink
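
The risk raised in the post above, passwords passed as command-line arguments and readable through ps, can be audited from the administrator's side. This is an added example, not part of the original thread: it parses the NUL-separated /proc/<pid>/cmdline format and flags arguments that look like credentials. The option-name list and the sample command lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Option names that usually carry a credential (assumed list; extend as needed).
_NAMES = r"--?(?:pass(?:word|wd)?|pw|token|secret|api[-_]?key)"
SECRET_OPT = re.compile(rf"^{_NAMES}$", re.I)
SECRET_KV = re.compile(rf"^({_NAMES})=.+$", re.I)
URL_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@:\s]+:[^/@\s]+@", re.I)

# Constructed samples in /proc/<pid>/cmdline format (placeholder values only).
SAMPLES = {
    "inline": b"backup\0--password=EXAMPLE\0--host\0db1\0",
    "separate": b"client\0--token\0EXAMPLE\0",
    "url": b"fetch\0https://user:EXAMPLE@host.example/\0",
    "clean": b"backup\0--password-file\0/etc/backup.pw\0",
}

def parse_cmdline(raw):
    """Split /proc/<pid>/cmdline content; each argument is NUL-terminated."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def find_exposed_secrets(argv):
    """Describe each argument that appears to expose a credential."""
    findings = []
    for i, arg in enumerate(argv):
        kv = SECRET_KV.match(arg)
        if kv:
            findings.append(f"arg {i}: inline value for {kv.group(1)}")
        elif SECRET_OPT.match(arg) and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            findings.append(f"arg {i}: {arg} followed by a value")
        elif URL_CRED.match(arg):
            findings.append(f"arg {i}: URL with embedded user:password")
    return findings

def scan_proc(proc_root="/proc"):
    """Audit every process the caller can see; returns {pid: findings}."""
    report = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            argv = parse_cmdline((entry / "cmdline").read_bytes())
        except OSError:  # process exited, or access denied
            continue
        hits = find_exposed_secrets(argv)
        if hits:
            report[int(entry.name)] = hits
    return report
```

Run as root, scan_proc() covers every process; the findings name only the option, never the value, so the report itself does not repeat the secret.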
 
Old 07-13-2006, 04:06 PM   #4
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213

Original Poster
Blog Entries: 2

Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie
I don't see any benefit at all in hiding their tty or other users' processes; that's not security, that's obscurity. As for /, well, you would probably be interested in looking into chroot to provide a jail for certain users in terms of the filesystem they can access.
It's obscurity for the user entering the system, which is the idea; if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?
I will look into chroot, thanks for that.
 
Old 07-13-2006, 04:07 PM   #5
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213

Original Poster
Blog Entries: 2

Rep: Reputation: 30
Quote:
Originally Posted by Tinkster
The single biggest risk in seeing other users' processes is that there might be a password on the command line (which is bad practice as such), which you could then see via ps.



Cheers,
Tink
That's a possibility; I was not actually thinking of that.
 
Old 07-13-2006, 06:11 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
"also running top shows what root is running, is it possible to disable that so only the user's processes are shown when running top?"
The GRSecurity patch can confine their process view. Note you can't run GRSecurity and SELinux in the same kernel; they're incompatible.


"and lastly is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?"
Next to chroot, both GRSecurity and SELinux provide fine-grained ways to restrict users' access.


"if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?"
I guess whatever you can get exploits for; besides, the kernel is always up and running...
Then again, sometimes you can get lucky by just looking, like finding a copy of shadow ;-p
 
Old 07-14-2006, 07:57 AM   #7
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213

Original Poster
Blog Entries: 2

Rep: Reputation: 30
Quote:
Originally Posted by unSpawn
"also running top shows what root is running, is it possible to disable that so only the user's processes are shown when running top?"
The GRSecurity patch can confine their process view. Note you can't run GRSecurity and SELinux in the same kernel; they're incompatible.


"and lastly is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?"
Next to chroot, both GRSecurity and SELinux provide fine-grained ways to restrict users' access.


"if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?"
I guess whatever you can get exploits for; besides, the kernel is always up and running...
Then again, sometimes you can get lucky by just looking, like finding a copy of shadow ;-p
Thank you, I thought grsecurity or selinux would support that. Now that Solaris Trusted Extensions are open source, it would be interesting to make a port to Linux and BSD.
Their label range system is a very secure and proven way of working with different security levels, so for instance you cannot copy and paste something if the destination is lower than the source.
http://blogs.sun.com/roller/page/Stephen/20060331
http://www.opensolaris.org/os/commun...y/projects/tx/

Thanks again.
 
  

