Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
One of the conditions for this to happen was that I would create an account on the server to be used in case of attacks and stuff like that.
First find out what this account user needs (tasks).
The user has to be able to see the logs and configuration files (at least for the ones concerning the internet connection - iptables, squid.conf ...).
View only? Doesn't need to execute emergency tasks? Then there are three ways I can imagine:
- set him/her up with an unprivileged user account and some sudo aliases. Watch out for viewers that allow a user to execute commands. OTOH, depending on how much you would trust ISP personnel (IMNSHO, not much), you could go the other way and:
- set up a simple web-based HTTPS log browser.
- Or only allow for (chrooted) SSH login, provide minimal binaries (Busybox) and set up a cronjob to scp logs in.
- set him/her up with an unprivileged user account and some sudo aliases.
[....]
Or only allow for (chrooted) SSH login, provide minimal binaries (Busybox) and set up a cronjob to scp logs in.
I run ssh on an outside interface and I don't want anybody but one user to be able to log in... how can I do that?
Actually, I want that on the chrooted environment ssh to allow only one user, and on the non chrooted environment just one user (there are more than 3 accounts on the server but some of them are accessed only from the inside).
run ssh on an outside interface and I don't want anybody but one user to be able to log in... how can I do that?
sshd_config, allowgroups directive, or PAM login, module listfile.
I want that on the chrooted environment ssh to allow only one user, and on the non chrooted environment just one user
Use a chroot shell for the chrooted user. I prefer setting it up with an app called "jail".
what aliases would do?
I don't know what your logs are. Examine syslog.conf and your running apps for the files they log to.
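The AllowGroups restriction suggested above can be checked before reloading sshd. The following is an added example, not code from any poster in this thread: it reads the global part of an sshd_config and lists which accounts its allow/deny directives would let in. The account names, the group `sshlogin` and both sample configs are constructed; Match blocks, USER@HOST patterns and negated patterns are not handled.

```python
import fnmatch

KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_global(config_text):
    """Collect allow/deny patterns from the lines before any Match block."""
    rules = {k: [] for k in KEYS}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.replace("=", " ", 1).split()  # "Keyword value" or "Keyword=value"
        if not words:
            continue
        keyword = words[0].lower()                 # sshd keywords are case-insensitive
        if keyword == "match":
            break                                  # simplification: Match blocks ignored
        if keyword in rules:
            rules[keyword].extend(words[1:])       # repeated lines add to the list
    return rules

def may_login(rules, user, groups):
    """Apply the checks in sshd's order: DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    def hit(patterns, names):
        return any(fnmatch.fnmatchcase(n, p) for p in patterns for n in names)
    if hit(rules["denyusers"], [user]):
        return False
    if rules["allowusers"] and not hit(rules["allowusers"], [user]):
        return False
    if hit(rules["denygroups"], groups):
        return False
    if rules["allowgroups"] and not hit(rules["allowgroups"], groups):
        return False
    return True

def who_can_login(config_text, accounts):
    """Return the sorted account names that pass the global allow/deny rules."""
    rules = parse_global(config_text)
    return sorted(u for u, g in accounts.items() if may_login(rules, u, g))

# Constructed sample data: account name -> primary and supplementary groups.
ACCOUNTS = {"root": ["root"], "alice": ["alice", "staff"],
            "bob": ["bob", "staff"], "ispview": ["ispview", "sshlogin"]}
WEAK = "Port 22\nPermitRootLogin no\n"             # no allow list: every account passes
HARDENED = "Port 22\n# one outside user only\nAllowGroups sshlogin\n"

if __name__ == "__main__":
    print("weak:    ", who_can_login(WEAK, ACCOUNTS))
    print("hardened:", who_can_login(HARDENED, ACCOUNTS))
```

This only evaluates the allow/deny lists, so other settings such as PermitRootLogin still apply on top; on the server itself, `sshd -T` prints the effective configuration.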