Lock down WWW Access
Michael Scully
agentscully at flexiblestrategies.com
Sat Feb 25 01:14:15 UTC 2006
Job:
Well for one thing, you could remove public execute status for
firefox and any other browsers on the system, put all www-enabled users in a
common group, and only allow that group to execute those programs. They
could still send and receive email though, which I assume you'd still want.
That would go for other individual programs. Most system utilities
that still show on the menus prompt for the root password before they will
run.
Scully
-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Job Cacka
Sent: Friday, February 24, 2006 4:52 PM
To: RedHat Mailing List
Subject: Lock down WWW Access
In the past we have restricted WWW access for individual logins by allowing
or denying access to the proxy server for an individual login. This has
worked great for Windows boxes.
On a Redhat ES 4 server we have enabled X11 and we are using various thin
clients to connect to the server. We are using KDE to provide a desktop. We
have removed most of the menu options although if the user was sofisticated
enough they could add them back to the panel or create an icon to provide
them selves access to the WWW, Games, and various other distractions that we
would rather not leave open. Right now we are securing by obscurity, and we
would like to get away from this.
What I would like to do is:
1. Remove all games from the Red Hat server or at least non-root access to
them.
2. Have the option to allow or deny WWW access per login. Without
restricing local browser functionality.
3. Allow or deny access to individual menu items per login.
So how do I do this? What is the most efficient method? I will need to be
able to do this for 100+ logins spread over 3 servers in the future.
This is in limited production now and is working well with less than a dozen
logins.
Job Cacka
Network Administrator
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list