LinuxQuestions.org
Old 02-13-2005, 03:03 PM   #1
nistelrooy
Member
 
Registered: Oct 2003
Location: Singapore
Distribution: debian
Posts: 162

Rep: Reputation: 30
Shell Provider


Hi

With limited knowledge of mine, I'm planning to offer free shell services like www.silenceisdefeat.org/ or www.hbx.us/ to my school for local user access on 10.x.x.x.

I'm wondering how can I make sure there aren't shell people who will misuse the system and read my /etc/passwd /etc/shadow passwords?

How do I place permission limitations on their account?

Here.

Last edited by nistelrooy; 02-13-2005 at 03:04 PM.
 
Old 02-13-2005, 04:20 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Re: Shell Provider

I'm wondering how can I make sure there aren't shell people who will misuse the system and read my /etc/passwd /etc/shadow passwords?
Don't give shell accounts to sketchy people that you don't know or who live farther away than you can drive with a baseball bat

Running a shell server is a little different than running other types of servers. Since everyone already has user level access, preventing local root exploits or other types of privilege escalation attacks is going to be extremely important, as will locking down file permissions that are a little too relaxed on a standard Linux distro. Definitely look into kernel hardening with something like the Openwall patches or grsecurity. Make sure to incorporate some form of stack protection like PaX or Exec Shield as well. For locking down the standard Linux file permissions (DAC), take a look at Bastille Linux or you can go with an alternate form of access control entirely and switch to a MAC system (like that used by LIDS) or RBAC or RSBAC systems.

How do i place permission limitations on their account?
For creating restricted shell environments, you can use something like rbash or preferably a chroot jail. There are several guides and projects specifically devoted to chroot jails that you can find in unSpawn's Security references thread. Chroot jails aren't a perfect solution, so hardening the rest of the system is an absolute necessity. Also remember that the fewer tools you give the shell users, the fewer things they have available to try and break. The same applies to the overall system itself, the fewer applications and daemons the better. Obviously general security measures like keeping up with security patches are going to be extremely important as well.

Last edited by Capt_Caveman; 02-13-2005 at 04:21 PM.
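
The permission lockdown recommended in the reply above can start with an audit of what local users can already reach. The script below is an added example, not part of the original posts or of any tool named in them; its function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: permission audit for a multi-user shell host.
# Each function takes a root directory, so it can be tried on a scratch tree.

# Set-uid / set-gid files: each is a possible local path to root, so the
# list should be short and every entry justified.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# World-writable files, plus world-writable directories without the sticky
# bit (there, any user can delete or replace another user's files).
list_world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print 2>/dev/null | sort
}

# /etc/passwd must stay world-readable; the hashes live in /etc/shadow,
# which "other" must not be able to read or write. Succeeds when exposed.
shadow_exposed() {
    [ -n "$(find "$1/etc/shadow" -prune \( -perm -0004 -o -perm -0002 \) -print 2>/dev/null)" ]
}

audit() {
    echo "== set-uid/set-gid files under $1"; list_setid "$1"
    echo "== world-writable files and non-sticky directories"; list_world_writable "$1"
    if shadow_exposed "$1"; then echo "!! $1/etc/shadow is accessible to other"
    else echo "ok $1/etc/shadow is not accessible to other"; fi
}

# Constructed sample tree (not a real system) with deliberately loose modes.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/bin" "$t/tmp" "$t/pub"; chmod 755 "$t/etc" "$t/bin"
    : > "$t/etc/shadow"; chmod 644 "$t/etc/shadow"   # too open
    : > "$t/bin/helper"; chmod 4755 "$t/bin/helper"  # set-uid
    : > "$t/etc/motd";   chmod 666 "$t/etc/motd"     # world-writable file
    chmod 1777 "$t/tmp"                              # sticky bit set: acceptable
    chmod 0777 "$t/pub"                              # no sticky bit: flagged
    echo "$t"
}

# Audit the directory given as $1, or the constructed sample tree if none.
if [ $# -gt 0 ]; then
    audit "$1"
else
    s=$(make_sample_tree) || exit 1
    audit "$s"; rm -rf "$s"
fi
```

Run it as root with `/` as the argument to cover the whole root filesystem; `-xdev` keeps the scan on that one filesystem, so other mounts need their own run.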
 
All times are GMT -5.