LinuxQuestions.org


jmstr10 09-22-2010 12:32 AM

Blocking IPs permanently and throwing away the keys
 
I want to block some IPs permanently, i.e. even I as the root user cannot unblock these IPs without having to format the whole system.

So I thought if some blocking software provided passwords for editing rules, I could put a 'junk' password there so that I can't delete the rules without the 'junk' password, which I don't know.

So I examined iptables and I saw that it is a kernel module so there is no use of that since I can probably throw it away.

But the basic question is to block IPs and gulp the key.

anomie 09-22-2010 02:32 PM

If you are (or someone is) root, and/or you have (or someone has) physical access, there's going to be a way to modify your packet filtering ruleset, ACL, or... whatever.

unixfool 09-22-2010 02:57 PM

Is this a 'save me from myself' type situation?

The normal solution should suffice. If you're having system access control issues (someone removing your blocks), maybe revoke access from that individual or lock down their permissions so that they can't make changes you don't want. If you do this the right way, you won't need the super solution you're currently looking for.

jmstr10 09-23-2010 02:56 AM

Well, yes, it is a save-me-from-myself situation. The effort required to reverse the blockage should be as much as formatting and reinstalling.
And yes, there is no other person involved; it is only me, and I can't destroy the root password because I need it for other things.
Thanks

b0uncer 09-23-2010 03:05 AM

How about setting up sudo privileges for your (non-root) user account such that you can do your administrative tasks using sudo? That way you wouldn't need "real" root privileges (you could even disable the root account if you wanted to) and there would be no problem.

It's just not sane to try to make something so difficult for yourself that it's "too difficult/time consuming to even start", and think you're safe that way. It's just easier to tell yourself not to do it. If we compare this situation to one where you'd try to stop smoking, there is no way you can deny yourself a cigarette if you really want it. But you could use something to make up for the real thing while learning to live without; ex-smokers use all sorts of things that provide nicotine without having to smoke, so you could use (well configured/"limited") sudo to get rid of being root all the time. Even better, you could just learn to live with yourself, but that's quite a hard task sometimes :)
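
A sketch of the limited sudo setup suggested in the post above, added here as an example and not posted by anyone in the thread. The account name `alice`, the file name, the chosen commands and their paths are assumptions and vary by distribution.

```sudoers
# /etc/sudoers.d/limited-admin  (hypothetical file name)
# Always edit with: visudo -f /etc/sudoers.d/limited-admin
# so a syntax error cannot lock sudo out entirely.

# Weak form, shown commented out: a deny-list.
# "ALL" still permits shells, editors and interpreters, and any of those
# can start iptables as root, so the "!" exclusion is only advisory.
# alice ALL = (root) ALL, !/sbin/iptables

# Stricter form: an allow-list of the specific tasks the account needs.
# Nothing here can edit files or start another program of the user's choice.
# Editors, package managers and scripting interpreters are deliberately
# left out, because each of them can run arbitrary commands as root.
Cmnd_Alias SVC   = /usr/sbin/service cups restart, \
                   /usr/sbin/service ssh restart
Cmnd_Alias POWER = /sbin/shutdown, /sbin/reboot

# alice may run only the aliased commands as root, after entering
# her own password. The iptables binary and the rules file loaded at
# boot stay root-owned and are not reachable through this rule.
alice ALL = (root) SVC, POWER

# Write attempts to run anything else to a dedicated log
# (assumed path), which makes "just this once" attempts visible.
Defaults:alice logfile=/var/log/sudo-alice.log
```

With the root account disabled as the post suggests, changing the block rules then requires booting from rescue media or single-user mode, which is the physical-access route anomie describes and cannot be closed by sudo configuration.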

divyashree 09-24-2010 06:58 AM

Just give a junk password of too many random characters, which you can't remember even after 1 hr. Don't write it anywhere.


All times are GMT -5.