[K12OSN] server hardening (disable list)

Moon moon at smbis.com
Thu Sep 18 19:29:24 UTC 2008


Nothing wrong with encouraging students to learn how to hack if that was
what was being taught, however if he is trying to teach them fundamentals of
using the OS and they are playing games and/or hosing up the systems,
impacting his ability to teach and other students to learn, then there
should be swift and severe punishment. Set ground rules right up front that
are firm and consistent. Half the problems with our educational system today
is a serious lack of discipline. Heck, some schools are paying kids to
learn. What a bunch of horse hockey.

 

-----Original Message-----
From: Rob Owens [mailto:rob.owens at biochemfluidics.com] 
Sent: Thursday, September 18, 2008 03:05 PM
To: Support list for open source software in schools.
Subject: Re: [K12OSN] server hardening (disable list)

I think you should first give those kids extra credit for being
resourceful, then give them extra credit every time they report a new
"exploit" for you to fix.  Turn it into a challenge for them and keep
them on the white hat side of things.

-Rob

Robert Arkiletian wrote:
> Some of my students (with previous Linux experience) discovered these
> programs
> 
> mail
> write
> wall
> 
> in addition they were attempting to guess passwords and even share
> passwords.
> 
> su
> sudo
> 
> I changed permissions on all of the above to only allow root or myself
> access.
> 
> I teach command line so they need to have access to a shell terminal.
> But having students start a chatting frenzy or fill logs with mail is
> annoying.
> In addition if you have generic accounts like comp1, comp2, comp3 they
> can change the default password.
> So I had to disable
> 
> passwd
> 
> for the generic accounts.
> 
> In addition I have disabled cron for everyone except root and myself.
> Disable atd. Also disabled nohup. In addition I have a script that logs
> everyone off (kills all user processes) at the end of the school day.
> Also secured sshd.
> 
> I was hoping others on this list could contribute
> ideas/experiences of what should/could be disabled.
> 
> 
> 


_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
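
Added example (not part of the original thread): a read-only audit of the restrictions described in the quoted message, listing which of the named commands ordinary users can still execute and which accounts on a cron allow-list are not approved. The `teacher` account, the `cron.allow`-style file and the fixture directory are assumptions; the thread does not say how cron was restricted.

```shell
#!/bin/sh
# Added example, not from the thread: audit of the "disable list".
# Commands the quoted message restricts to root and the teacher.
RESTRICTED="mail write wall su sudo nohup"

# Print each command from list $2 found in directory $1 that "other"
# users can still execute. Commands that are not installed are skipped.
world_executable() {
    for name in $2; do
        path="$1/$name"
        [ -e "$path" ] || continue
        # -H follows a symlinked command; -perm -0001 = other-execute bit set.
        find -H "$path" -prune -perm -0001 -print
    done
}

# Print users listed in allow-file $1 that are not in the space-separated
# approved list $2. Blank lines are ignored.
unexpected_cron_users() {
    while IFS= read -r user || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        case " $2 " in
            *" $user "*) ;;
            *) printf '%s\n' "$user" ;;
        esac
    done < "$1"
}

# Constructed fixture: fake binaries and a fake cron.allow in a temp dir,
# so the audit can be tried without touching a real system.
make_fixture() {
    fx=$(mktemp -d) || return 1
    mkdir "$fx/bin"
    for n in $RESTRICTED; do : > "$fx/bin/$n"; done
    chmod 750 "$fx/bin/mail" "$fx/bin/write" "$fx/bin/su" "$fx/bin/sudo"
    chmod 755 "$fx/bin/wall" "$fx/bin/nohup"   # deliberately left open
    printf 'root\nteacher\ncomp1\n' > "$fx/cron.allow"   # comp1: generic account
    printf '%s\n' "$fx"
}

# Demo run against the fixture; on a real server pass /usr/bin or /bin.
demo=$(make_fixture)
world_executable "$demo/bin" "$RESTRICTED"
unexpected_cron_users "$demo/cron.allow" "root teacher"
rm -rf "$demo"
```

Any path or user name printed is a gap between the intended policy and the current state; empty output means the checked restrictions are in place.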



