LinuxQuestions.org
Old 07-13-2006, 10:09 AM   #1
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213
Blog Entries: 2

Rep: Reputation: 30
Hiding machine information and root information


This may already be implemented in mandatory access control add-ons; I just have not looked.

Whenever a normal user logs in, does it have to tell them that they have logged in ttyX?
Also, running top shows what root is running; is it possible to disable that so only the users processors are shown when running top?

And lastly, is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?

Thanks in advance.
 
Old 07-13-2006, 12:50 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
I don't see any benefit at all in hiding their tty or other users' processes; that's not security, that's obscurity. As for /, well, you would probably be interested in looking into chroot to provide a jail for certain users in terms of the filesystem they can access.
 
Old 07-13-2006, 01:28 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,986
Blog Entries: 11

Rep: Reputation: 880
The single biggest risk in seeing other users' processes is that there
might be a password on the command line (which is bad practice as such)
which you could then see via ps.



Cheers,
Tink
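
An added example, not part of the original thread: an administrator-side audit for the bad practice described in the post above, which parses the NUL-separated argument vector that ps reads from /proc/<pid>/cmdline and reports arguments that expose a secret, with the value redacted. The option-name list and the sample process data are constructed assumptions.

```python
from __future__ import annotations
import re

# Option names that usually carry a secret as their value (assumed list; extend per site).
SECRET_OPTS = re.compile(r"^--?(pass(word|wd)?|secret|token|api[-_]?key)$", re.I)
# user:password@host inside a URL argument.
URL_CRED = re.compile(r"^([a-z][a-z0-9+.-]*://[^/:@\s]+):([^@/\s]+)@", re.I)


def parse_cmdline(raw: bytes) -> list[str]:
    """Split the NUL-separated argv stored in /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def find_exposed_secrets(argv: list[str]) -> list[tuple[int, str]]:
    """Return (argv index, redacted argument) for each argument exposing a secret."""
    hits = []
    for i, arg in enumerate(argv):
        name, sep, value = arg.partition("=")
        if sep and value and SECRET_OPTS.match(name):
            hits.append((i, f"{name}=<redacted>"))      # --password=VALUE
        elif (SECRET_OPTS.match(arg) and i + 1 < len(argv)
              and not argv[i + 1].startswith("-")):
            hits.append((i + 1, "<redacted>"))          # --password VALUE
        elif URL_CRED.match(arg):                       # scheme://user:VALUE@host
            hits.append((i, URL_CRED.sub(r"\1:<redacted>@", arg)))
    return hits


def audit(procs: dict[int, bytes]) -> dict[int, list[tuple[int, str]]]:
    """Map pid -> findings for processes whose command line exposes a secret."""
    report = {}
    for pid, raw in procs.items():
        hits = find_exposed_secrets(parse_cmdline(raw))
        if hits:
            report[pid] = hits
    return report


# Constructed sample data: possible /proc/<pid>/cmdline contents for four processes.
SAMPLE = {
    101: b"backup\0--host\0db1\0--password=hunter2\0",
    102: b"curl\0-s\0https://deploy:s3cr3t@repo.example/pkg.tgz\0",
    103: b"sshd\0-D\0",
    104: b"dbtool\0--token\0abc123\0dump\0",
}

if __name__ == "__main__":
    for pid, hits in audit(SAMPLE).items():
        print(pid, hits)
```

On a live system the byte strings would come from reading /proc/<pid>/cmdline for each numeric directory under /proc; flagged programs should be changed to take the secret from a protected file, an environment variable or a prompt instead.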
 
Old 07-13-2006, 04:06 PM   #4
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213
Blog Entries: 2

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie
I don't see any benefit at all in hiding their tty or other users' processes; that's not security, that's obscurity. As for /, well, you would probably be interested in looking into chroot to provide a jail for certain users in terms of the filesystem they can access.

It's obscurity for the user entering the system, which is the idea; if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?
I will look into chroot, thanks for that.
 
Old 07-13-2006, 04:07 PM   #5
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213
Blog Entries: 2

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Tinkster
The single biggest risk in seeing other users' processes is that there
might be a password on the command line (which is bad practice as such)
which you could then see via ps.

Cheers,
Tink

That's a possibility; I was not actually thinking of that.
 
Old 07-13-2006, 06:11 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

Rep: Reputation: 2900
Quote:
also running top shows what root is running, is it possible to disable that so only the users processors are shown when running top?

The GRSecurity patch can confine their process view. Note you can't run GRSecurity and SELinux in the same kernel; they're incompatible.

Quote:
and lastly is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?

Next to chroot, both GRSecurity and SELinux provide fine-grained ways to restrict users' access.

Quote:
if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?

I guess whatever you can get exploits for; besides, the kernel is always up and running...
Then again, sometimes you can get lucky by just looking, like finding a copy of shadow ;-p
 
Old 07-14-2006, 07:57 AM   #7
geletine
Member
 
Registered: Apr 2005
Distribution: Slackware
Posts: 213
Blog Entries: 2

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn
also running top shows what root is running, is it possible to disable that so only the users processors are shown when running top?
The GRSecurity patch can confine their process view. Note you can't run GRSecurity and SELinux in the same kernel; they're incompatible.

and lastly is it possible to hide / from them, so if they try cd /, it will just return them to the current/working directory?
Next to chroot, both GRSecurity and SELinux provide fine-grained ways to restrict users' access.

if a bad guy can see nothing, then what is he going to look for as far as running apps that may have vulnerabilities?
I guess whatever you can get exploits for; besides, the kernel is always up and running...
Then again, sometimes you can get lucky by just looking, like finding a copy of shadow ;-p

Thank you. I thought grsecurity or selinux would support that. Now that Solaris Trusted Extensions are open source, it would be interesting to make a port to Linux and BSD.
Their label range system is a very secure and proven way of working with different security levels, so for instance you cannot copy and paste something if the destination is lower than the source.
http://blogs.sun.com/roller/page/Stephen/20060331
http://www.opensolaris.org/os/commun...y/projects/tx/

Thanks again.
 
  

