LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-20-2004, 08:10 AM   #1
engineerwell
LQ Newbie
 
Registered: Feb 2004
Distribution: SuSE Linux 9.0
Posts: 12

Rep: Reputation: 0
Blocking internet traffic (ADSL) to log into root


I have an ADSL connection to the internet which by definition means I am always connected. For security reasons I do not like to log onto "root" whilst still connected. This means dropping the connection using "/sbin/ifconfig eth0 down" and restoring using "/sbin/ifconfig eth0 up". But I cannot get this to work outside of "root".

I would prefer to "ifconfig down" in my normal user log on and the log into "root" then log off "root" before I "ifconfig up".

How can I get this to work? Is this the best/simplist way to block the network connection? Am I still vulnerable if I log into superuser Konsole in my normal user log on?

Many thanks
 
Old 02-20-2004, 08:27 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
If you want to be able to run ifconfig as a normal user, you need to investigate sudo. Basically, sudo is a command that allows normal users to run root commands, without being root. The commands they are allowed to run are listed in the sudoers file. Use the man pages for sudo and sudoers for the fine details.

That said, I think you are approaching this in a rather unorthodox fashion and may be giving yourself a false sense of security. Actually being logged in as root, or as a normal user, doesn't affect what someone can do from the outside. Since linux is based on user accounts, someone could gain root access even if you never, ever log in as root. The mere fact that your computer is on and connected to the internet means it vulnerable. So the best way to go about securing your computer is really thorugh more traditional means. Make sure you have a firewall in place and that you know what holes are in it, if any. Also, be sure to understand what services are running on your computer and turn off everything that you aren't using. For example, if you don't use your computer as a web server, make sure httpd isn't running. You can use the netstat -l command to see what services are running and what ports they are listening to. And be sure to head to the Security forum here on LQ. UnSpawn has done a tremendous job in collecting a ton of useful links on securing your system.

It sounds daunting at first, but it isn't that hard to make your system more secure and you have the advantage of learning a ton of stuff to boot.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables blocking traffic JJX Linux - Networking 4 11-07-2005 06:36 AM
Blocking traffic fugzi Linux - Networking 2 12-04-2004 04:31 PM
Kernel 2.4.26, slack 8.0: blocking outgoing traffic coindood Linux - Networking 3 06-03-2004 11:15 PM
Iptables blocking all traffic on other NIC spede Linux - Security 3 05-05-2004 06:37 PM
firewall traffic blocking help jaylee Linux - Security 8 06-30-2003 11:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration