[K12OSN] server hardening (disable list)

Robert Arkiletian robark at gmail.com
Thu Sep 18 18:28:10 UTC 2008

Some of my students (with previous Linux experience) discovered these programs


in addition they were attempting to guess passwords and even share passwords.


I changed permissions on all of the above to only allow root or myself access.

I teach command line so they need to have access to a shell terminal.
But having students start a chatting frenzy or fill logs with mail is
In addition if you have generic accounts like comp1, comp2, comp3 they
can change the default password.
So I had to disable


for the generic accounts.

In addition I have disabled cron for everyone except root and myself.
Disable atd. Also disabled nohup. In addition I have a script that logs
everyone off (kills all user processes) at the end of the school day.
Also secured sshd.

I was hoping others on this list could contribute
ideas/experiences of what should/could be disabled.

Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/
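
One way to check the "cron for everyone except root and myself" restriction described in the post, as an added example that is not part of the original message. It assumes the restriction is expressed through /etc/cron.allow and /etc/at.allow (the post does not say which mechanism was used); the function name, the "teacher" and "comp1" accounts and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which accounts are allow-listed for crontab(1) or at(1).
# Usage: audit_allow ROOT SERVICE USER...
#   ROOT     filesystem prefix ("" for the live system)
#   SERVICE  "cron" or "at"
#   USER...  accounts that are supposed to be permitted
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_allow() {
    root=$1 svc=$2; shift 2
    allow="$root/etc/$svc.allow"
    findings=0

    if [ ! -f "$allow" ]; then
        # Without an allow file, access falls back to the deny file or
        # the built-in default, so there is no explicit allow-list.
        echo "$svc: $allow missing, access is not allow-listed"
        return 1
    fi

    # The allow file holds one user name per line.
    while IFS= read -r user || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        ok=no
        for want in "$@"; do
            if [ "$user" = "$want" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "$svc: unexpected account '$user' in $allow"
            findings=$((findings + 1))
        fi
    done < "$allow"

    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not taken from the post): "teacher" stands in
# for the administrator's own account, "comp1" for a generic lab account.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf 'root\nteacher\ncomp1\n' > "$demo/etc/cron.allow"
audit_allow "$demo" cron root teacher || true   # flags comp1
audit_allow "$demo" at root teacher || true     # flags missing at.allow
rm -rf "$demo"
```

On a live server the same function is called with an empty ROOT, for example `audit_allow "" cron root teacher`.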
