[K12OSN] server hardening (disable list)

Rob Owens rob.owens at biochemfluidics.com
Thu Sep 18 19:05:00 UTC 2008


I think you should first give those kids extra credit for being
resourceful, then give them extra credit every time they report a new
"exploit" for you to fix.  Turn it into a challenge for them and keep
them on the white hat side of things.

-Rob

Robert Arkiletian wrote:
> Some of my students (with previous Linux experience) discovered these programs
> 
> mail
> write
> wall
> 
> in addition they were attempting to guess passwords and even share passwords.
> 
> su
> sudo
> 
> I changed permissions on all of the above to only allow root or myself access.
> 
> I teach command line so they need to have access to a shell terminal.
> But having students start a chatting frenzy or fill logs with mail is
> annoying.
> In addition if you have generic accounts like comp1, comp2, comp3 they
> can change the default password.
> So I had to disable
> 
> passwd
> 
> for the generic accounts.
> 
> In addition I have disabled cron for everyone except root and myself.
> Disable atd. Also disabled nohup. In addition I have a script that logs
> everyone off (kills all user processes) at the end of the school day.
> Also secured sshd.
> 
> I was hoping others on this list could contribute
> ideas/experiences of what should/could be disabled.
> 
> 
> 
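
Added example, not part of the original thread: a POSIX shell audit that re-checks the permission lockdown described in the quoted message, so a package update that restores default modes gets noticed. The function names, the default directory list and the use of /etc/cron.allow as the cron restriction mechanism are assumptions; only the "other" execute bit is checked, not group membership or ACLs.

```shell
#!/bin/sh
# Added audit sketch; function names and default paths are assumptions.
RESTRICTED="mail write wall su sudo passwd nohup"   # commands named in the message

# Exit 0 when the "other" execute bit is set on file $1 (-L: judge the
# symlink target, since e.g. mail is often a symlink).
other_can_exec() {
    [ -f "$1" ] && [ -n "$(find -L "$1" -prune -perm -0001 2>/dev/null)" ]
}

# Print every copy of command $1 on the colon-separated directory list $2.
# A chmod on one copy does nothing if a second copy sits elsewhere on PATH.
find_all() {
    _old_ifs=$IFS; IFS=:
    for _dir in $2; do
        [ -e "$_dir/$1" ] && printf '%s\n' "$_dir/$1"
    done
    IFS=$_old_ifs
}

# Report each restricted command as OPEN or ok; return 1 if any is OPEN.
# Paths containing whitespace are not handled.
audit_commands() {
    _dirs=${1:-/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin}
    _rc=0
    for _cmd in $RESTRICTED; do
        for _p in $(find_all "$_cmd" "$_dirs"); do
            if other_can_exec "$_p"; then
                echo "OPEN $_p"; _rc=1
            else
                echo "ok   $_p"
            fi
        done
    done
    return $_rc
}

# When cron.allow exists, only the users listed in it may use crontab.
cron_restricted() {
    [ -f "${1:-/etc}/cron.allow" ]
}

# Run only when asked:  RUN_AUDIT=1 sh audit.sh
if [ "${RUN_AUDIT:-}" = 1 ]; then
    audit_commands || echo "some restricted commands are still world-executable"
    cron_restricted && echo "ok   cron.allow present" || echo "MISSING cron.allow"
fi
```

Run from root's crontab, any OPEN line marks a command whose restricted mode has been undone.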