On Thursday 23 January 2003 13.45, DEFFONTAINES Vincent wrote:
> You can
> 1. Remove the users' access to the ssh program
> (eg change ownership and rights of /usr/bin/ssh and create a "ssh" group
> for allowed outgoing ssh users).
> 2. Mount /home, /tmp and any other place users might have write access on
> with the "noexec" switch, so they can only use binaries installed (and
> allowed to them) on the system.

Will this noexec thing really work? It was a while ago, but I read that you
could use something in /usr/lib or something to still be able to execute in
noexec directories? Is the bug gone?

Alex

>
> > -----Original Message-----
> > From: Iñaki Martínez [mailto:[EMAIL PROTECTED]
> > Sent: Thursday 23 January 2003 13:18
> > To: Charl Matthee
> > Cc: [email protected]
> > Subject: Re: question about SSH / IPTABLES
> >
> >
> > Hello Charl Matthee!!!
> >
> > > If you want to use iptables then allow incoming ssh requests from the
> > > relevant hosts and disallow outgoing ssh requests from the server:
> > >
> > > iptables -A OUTPUT -j REJECT -p tcp --destination-port 22
> >
> > But if the client jumps to another port????
> >
> > $ ssh -p 25 remote_ip
> >
> >
> > I think there is no COMPLETE solution........
> >
> >
> > Thanks....
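
A check for the two measures Vincent lists, as an added example that is not part of the original thread: it reports which watched mount points lack the "noexec" option and whether the ssh binary's mode still lets "other" users execute it. The function names, the sample mount table and the sample mode strings are constructed for illustration; it only confirms the settings are present.

```shell
#!/bin/sh
# Added example: audit the two hardening steps suggested in the thread.

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
/dev/hda2 /home ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Print each watched mount point that lacks "noexec".
# stdin: mount table in /proc/mounts format; args: mount points to check.
# A path that is not its own mount inherits its parent's options, so it is
# reported separately rather than silently passed.
missing_noexec() {
    mounts=$(cat)
    for mp in "$@"; do
        # The last matching line wins, as a later mount shadows an earlier one.
        opts=$(printf '%s\n' "$mounts" |
            awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            echo "$mp (not a separate mount)"
        else
            case ",$opts," in
                *,noexec,*) ;;        # option present, nothing to report
                *) echo "$mp" ;;
            esac
        fi
    done
}

# Return 0 if an "ls -l" style mode string (e.g. -rwxr-x---) gives "other"
# no execute bit, i.e. only the owner and the "ssh" group can run the binary.
ssh_restricted() {
    case "$1" in
        ?????????x*|?????????t*) return 1 ;;
        *) return 0 ;;
    esac
}

# Demo on the constructed table; on a live host, feed /proc/mounts instead.
printf '%s\n' "$SAMPLE_MOUNTS" | missing_noexec /home /tmp /var/tmp
```

On a real system the mode string would come from the first field of `ls -l /usr/bin/ssh`.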

