[K12OSN] server hardening (disable list)
Robert Arkiletian
robark at gmail.com
Thu Sep 18 18:28:10 UTC 2008
Some of my students (with previous Linux experience) discovered these programs:
mail
write
wall
In addition, they were attempting to guess passwords and even share passwords.
su
sudo
I changed permissions on all of the above to only allow root or myself access.
I teach command line so they need to have access to a shell terminal.
But having students start a chatting frenzy or fill logs with mail is
annoying.
In addition if you have generic accounts like comp1, comp2, comp3 they
can change the default password.
So I had to disable
passwd
for the generic accounts.
In addition I have disabled cron for everyone except root and myself.
Disable atd. Also disabled nohup. In addition I have a script that logs
everyone off (kills all user processes) at the end of the school day.
Also secured sshd.
I was hoping others on this list could contribute
ideas/experiences of what should/could be disabled.
--
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/
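
An added example, not part of the original post: a POSIX shell audit for the lock-down described above, listing which of the named commands are still executable by every user and which accounts in an allow file fall outside the approved set. The sandbox paths, the user name teacher and the use of cron.allow as the mechanism are assumptions; the post does not say how cron was restricted.

```shell
#!/bin/sh
# Added example: audit the lock-down from the post. Sandbox paths, the user
# "teacher" and the cron.allow mechanism are assumptions, not from the post.

# Print each named command that is still executable by "other" in any
# directory of a colon-separated search path.
world_executable() {
    search_path=$1; shift
    for cmd in "$@"; do
        old_ifs=$IFS; IFS=:
        for dir in $search_path; do
            f="$dir/$cmd"
            # find -perm -001 matches when the other-execute bit is set
            if [ -f "$f" ] && [ -n "$(find "$f" -prune -perm -001)" ]; then
                echo "$f"
            fi
        done
        IFS=$old_ifs
    done
}

# Print users in an allow file (cron.allow, at.allow) that are not in the
# approved set given as remaining arguments. Prints MISSING if the file does
# not exist, since the allow-list is then not in effect.
unexpected_allowed() {
    allow_file=$1; shift
    if [ ! -f "$allow_file" ]; then echo "MISSING"; return 0; fi
    while IFS= read -r user; do
        ok=no
        for a in "$@"; do
            if [ "$user" = "$a" ]; then ok=yes; fi
        done
        if [ -n "$user" ] && [ "$ok" = no ]; then echo "$user"; fi
    done < "$allow_file"
}

# Demo on a constructed sandbox of empty stand-in files, not real binaries.
demo=$(mktemp -d)
mkdir "$demo/bin"
for c in mail write wall su sudo passwd; do
    : > "$demo/bin/$c"; chmod 750 "$demo/bin/$c"
done
chmod 755 "$demo/bin/wall"                      # one command left open
printf 'root\nteacher\ncomp1\n' > "$demo/cron.allow"
world_executable "$demo/bin" mail write wall su sudo passwd
unexpected_allowed "$demo/cron.allow" root teacher
rm -rf "$demo"
```

On a live server, run `world_executable "$PATH" mail write wall su sudo passwd nohup` as root and compare the output with the commands meant to be restricted.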