[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[K12OSN] server hardening (disable list)



Some of my students (with previous Linux experience) discovered these programs

mail
write
wall

in addition they were attempting to guess passwords and even share passwords.

su
sudo

I changed permissions on all of the above to only allow root or myself access.

I teach command line so they need to have access to a shell terminal.
But having students start a chatting frenzy or fill logs with mail is
annoying.
In addition if you have generic accounts like comp1, comp2, comp3 they
can change the default password.
So I had to disable

passwd

for the generic accounts.

In addition I have disabled cron for everyone except root and myself.
Disable atd. Also disabled nohup. In addtion I have a script that logs
everyone off (kills all user processes) at the end of the school day.
Also secured sshd.

I was hoping others on the this list could contribute
ideas/experiences of what should/could be disabled.



-- 
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]