Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Does anyone know how to turn off the 'feature' in tightvnc where when you connect to a client's computer it displays a message 'remote administration enabled'.
The reason I want to do this is I want to use this on a network to monitor users behaviour as the PC's will be in a setup where hacking occurs both from the network side as well as via the internet. That is there is NO TRUSTED ZONE. I realise the message disappears eventually, but I would like to get rid of it entirely, so that I can
turn off vncviewer if no-one is using a PC in order to conserve resources, then restart it if someone uses a PC. I could just keep it running though.
this sounds like spying out users
I concur. Combat cracking attempts by enforcing company policies, educating users, restricting system and network access and using a NIDS. AFAIK you need to have legal backing to be able to monitor traffic, wrt to local Law the company should have this checked with a lawyer. A company policy should be the framework for that. Accompanying procedures should see to it that data isn't abused and set limits wrt cases, retention etc, etc. Users should be aware they are monitored. AFAIK SANS has template policies to use.
It is an internet cafe where rival companies do come in and do hack the
linux and windows boxes and use physical intimidation as a backup. Police are fu**ing useless. I would like to be able to ban access to computers by people I know have hacked and to check out suspects. I have NIDS based on AIDS. Forget 'company policy', user education, restricting network access and similar as I said there is NO F****** TRUSTED ZONE! I make it clear that their behaviour will be monitored. Also I know of system and network administrators who use vncviewer type software to monitor suspicious activity on the network and they work in well-known companies. Even there you have users who persist in continuing despite company policies to load virus infected floppies etc, and ignoring warning messages about a virus being detected etc, hence the use of vncviewer. In an ideal world this would not be necessary, in the REAL world though it often happens.
Last edited by Capt_Caveman; 03-17-2006 at 12:35 AM.
It is an internet cafe
I really wished you explained your situation better in your initial post, but OK, clear.
I have NIDS based on AIDS.
I'm truely sorry to hear that. And here I thought baboons couldnt infect computers... :-]
Forget 'company policy', user education, restricting network access and similar as I said there is no fsckin trusted zone!
Not having any "trusted zones" does not mean you can't have a policy against illegal use of computers, unless you have other considerations like losing business.
Also I know of system and network administrators who use vncviewer type software to monitor suspicious activity on the network and they work in well-known companies.
And they are most likely backed by company policies allowing them to do so w/o legal repercussions.
So, unless you have to deal with considerations like losing business, you should be restricting access because it simply will make it easier to manage the whole thing so you can concentrate on the biggest rotten apples. Wrt vncviewer I think you'll need to hack the source yourself if you want to get rid of that message, besides that I think it's too laborious: there's keyloggers and apps that can record X sessions unattended. If the boxen run in Kiosk mode and you restrict access to stuff like process views (GRSecurity kernel patch) they wouldn't be able to find out.
When you say "restricting access" could you explain in detail, as I do indeed do this.
Do you mean
a. physical access
b. access to software
If b. the situation is not black and white, and yes it is a business and guess what I am trying to earn a living as well as provide a service, and if you restrict legitimate users access too much they bitch, although this can depend on the level of sophistication of the user as well.
AS I SAID I do have clearly stated policy regarding use of computers, hacking.
I am aware of keylogging and rootkits and what they can do. I have looked at Kiosk software, but find it TOO restrictive eg: have to add games which a lot of people want to do and also Office type products and so forth. Multimedia access and programs are also a popular activity on the internet. As are IM type programs. I have taken the opposite approach initially because I was doing this BEFORE the kiosk type projects got started, and removed software, modified KDE, linux versions of IM etc.
Anyway, thanks for the help you have provided though I could do without the sarcasm and patronisation.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.