[K12OSN] server hardening (disable list)

Robert Arkiletian robark at gmail.com
Thu Sep 18 18:28:10 UTC 2008


Some of my students (with previous Linux experience) discovered these programs

mail
write
wall

In addition, they were attempting to guess passwords and even share passwords.

su
sudo

I changed permissions on all of the above to only allow root or myself access.

I teach command line so they need to have access to a shell terminal.
But having students start a chatting frenzy or fill logs with mail is
annoying.
In addition if you have generic accounts like comp1, comp2, comp3 they
can change the default password.
So I had to disable

passwd

for the generic accounts.

In addition I have disabled cron for everyone except root and myself.
Disable atd. Also disabled nohup. In addition I have a script that logs
everyone off (kills all user processes) at the end of the school day.
Also secured sshd.

I was hoping others on this list could contribute
ideas/experiences of what should/could be disabled.



-- 
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/
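
An added example, not part of the original post and not the author's own script: a small audit that checks whether the commands named above are still executable by ordinary users after the permission change. The directory list and the function name audit_world_exec are assumptions.

```shell
#!/bin/sh
# Added example: audit that the commands named in the post are no longer
# executable by "other" (ordinary) users. The command list comes from the
# post; the search directories and function name are assumptions.

RESTRICTED_CMDS="mail write wall su sudo passwd nohup"
SEARCH_DIRS="/bin /usr/bin /sbin /usr/sbin"

# Print the path of every listed command found in the given directories
# that still has the other-execute bit set.
# Returns 0 when none are found, 1 otherwise.
# usage: audit_world_exec "dir1 dir2" "cmd1 cmd2"
audit_world_exec() {
    dirs=$1
    cmds=$2
    found=0
    for d in $dirs; do
        for c in $cmds; do
            p="$d/$c"
            # Skip names that do not exist in this directory.
            [ -f "$p" ] || continue
            # -perm -0001 matches whenever the other-execute bit is set,
            # whatever the setuid/setgid bits are (su, sudo and passwd
            # are normally setuid root). -L checks the symlink target.
            if [ -n "$(find -L "$p" -perm -0001 2>/dev/null)" ]; then
                echo "$p"
                found=1
            fi
        done
    done
    return $found
}

# Audit the real system paths and summarise the result.
if audit_world_exec "$SEARCH_DIRS" "$RESTRICTED_CMDS"; then
    echo "OK: none of the listed commands are world-executable"
else
    echo "WARNING: the commands listed above are still world-executable"
fi
```

A non-zero return from audit_world_exec can be used to fail a periodic check, for example after package updates, which typically restore the packaged file modes.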



