LinuxQuestions.org
Old 05-24-2001, 05:19 PM   #1
pnut028
LQ Newbie
 
Registered: May 2001
Posts: 3

Rep: Reputation: 0
Question


I am currently in my first Linux class. My teacher issued a challenge to the class. He says no one can keep him off of their computer. I would like to know as many ways as I can find to make logon attempts as difficult as possible.
I need to cut off remote users.
 
Old 05-24-2001, 06:53 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Check for the following terms:
using whereis & man: daemon, inetd, tcpwrappers, hosts.deny, ipchains, rlogin, shadow, PAM.
on the web: LASG, IDS, Securing Linux, Maximum Security.
It ain't that hard, just think client->server model.
 
Old 05-24-2001, 07:11 PM   #3
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
You need to cut off all remote access?

You can simply shut down all the daemons that allow remote access or firewall up all your ports with something like (assuming you're using ipchains)

ipchains -A input -i eth0 -s 0.0.0.0/0 --destination-port 1:1024 -p tcp -j DENY
ipchains -A input -i eth0 -s 0.0.0.0/0 --destination-port 1:1024 -p udp -j DENY

You'd also need to do the same for a few higher ports like NFS if you have it running. The above will cause any incoming packets on ports 1-1024 to be dropped. The server won't even return a message saying the connection was not accepted...

HTH

Jamie...
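
Added example (not part of the original posts): the reply above notes that the 1:1024 rules leave higher ports such as NFS uncovered. This script lists the IPv4 listeners outside that range from `netstat -ltun` output and prints DENY rules in the same form as the post's; the sample output is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find listeners that the two 1:1024 DENY rules do not cover.

# Constructed sample of `netstat -ltun` output (not from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:2049            0.0.0.0:*'

# Read netstat output on stdin; print proto/port for every IPv4 listener
# that is reachable from the network and outside the filtered range.
# Optional arguments: low and high end of the range (default 1 and 1024).
uncovered_listeners() {
    awk -v lo="${1:-1}" -v hi="${2:-1024}" '
        $1 == "tcp" || $1 == "udp" {
            n = split($4, part, ":")          # Local Address is host:port
            port = part[n] + 0
            if (part[1] ~ /^127\./) next      # loopback-only, not remote
            if (port < lo || port > hi) print $1 "/" port
        }' | sort -u
}

# Turn proto/port lines into rules in the same form as the post's.
# eth0 is the interface used in the post; adjust for the real host.
deny_rules() {
    while IFS=/ read -r proto port; do
        [ -n "$port" ] || continue
        echo "ipchains -A input -i eth0 -s 0.0.0.0/0 --destination-port $port -p $proto -j DENY"
    done
}

# Live use: netstat -ltun | uncovered_listeners | deny_rules
printf '%s\n' "$SAMPLE" | uncovered_listeners | deny_rules
```

On the sample this reports the NFS port on both protocols and the X11 listener on 6000, while skipping the loopback-only socket on 6010.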
 
Old 05-24-2001, 09:29 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
hmm. that's not learning... that's cut & paste :-[
 
Old 05-25-2001, 04:21 AM   #5
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
Quote:
Originally posted by unSpawn
hmm. that's not learning... that's cut & paste :-[
If he/she didn't know it before yet cuts and pastes it, and sees what it does, then it's learning, is it not?

More seriously; quite correct - it's a solution, not where to find a solution, but this is what was asked for.

cheers.

Jamie...
 
Old 05-25-2001, 09:00 AM   #6
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Smile

pnut028,

I don't like to point out the obvious, but if your teacher makes a comment like that, then he's going to do something you won't expect and from my experience probably backhanded.

Close off all the remote ports and he will wait until class is over and mount to a CD-ROM, get root and add a backdoor.

If they have physical access to the computer, then you can't keep them out of the OS. "you can slow 'em down"...

/Raz

 
Old 05-25-2001, 03:27 PM   #7
Q25
Member
 
Registered: May 2001
Distribution: RedHat 9.1
Posts: 131

Rep: Reputation: 16
oh.. so that's what he meant by keeping him off..

Well.. here's my suggestion then..
1st : Close all ports with either tcpwrapper, ipchains or iptables..
2nd : Stand guard by the pc with a big club..
 
Old 05-25-2001, 04:35 PM   #8
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
Big Club? Why not go the whole hog and wire it to blow if it's tampered with
 
Old 05-26-2001, 08:44 PM   #9
abyss
Member
 
Registered: May 2001
Location: New York, USA
Distribution: AIX, Ubuntu
Posts: 113

Rep: Reputation: 16
How about setting a power-on password in the BIOS. If you pick a good one, you can prevent him from even booting the machine at all....

....unless he opens the case, pops out the CMOS battery for a few hours, and then puts it back together.

Like Raz said....anything to slow him down a little....
 
Old 05-26-2001, 08:49 PM   #10
Q25
Member
 
Registered: May 2001
Distribution: RedHat 9.1
Posts: 131

Rep: Reputation: 16
Most mobos will let you reset CMOS on the board without removing the battery.. which leads me back to the club thing again
 
Old 05-26-2001, 09:52 PM   #11
abyss
Member
 
Registered: May 2001
Location: New York, USA
Distribution: AIX, Ubuntu
Posts: 113

Rep: Reputation: 16
Point taken, Q25. The club sounds better and better.
 
Old 06-01-2001, 09:38 AM   #12
fenris@bu
LQ Newbie
 
Registered: May 2001
Posts: 18

Rep: Reputation: 0
club..bah.....I'd be standin on top of the machine with a sawed off....much more fun...
 
Old 06-01-2001, 09:41 AM   #13
fenris@bu
LQ Newbie
 
Registered: May 2001
Posts: 18

Rep: Reputation: 0
I got an idea...kinda backhanded....take out the mobo....then he can't get on..even with physical access to the machine....either that..or steal the HDD...then he can use the machine..but not the OS...
 
Old 06-01-2001, 10:08 AM   #14
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Throw some cow dung on the computer itself and keyboard, that should prevent anyone from getting to it physically.
And make it a stand alone machine, nothing connected to the outside world.
He should have trouble then getting into it.
 
Old 06-01-2001, 01:23 PM   #15
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
the only safe computer is no computer.
 
  

