[EMAIL PROTECTED] wrote:
>[EMAIL PROTECTED] wrote:
>
>
>>I have users accessing to the bash shell of my Gentoo Server, my
>>question is:
>>
>>How can secure my server with this users accessing to shell? ,
>>
>>How can I monitor this server to see what users have done? Is there
>>available tools for that?
>>
>>I'd like to allow every user to access ONLY its home directory, I mean
>>he only can work in his directory...
>>
>>
>
>This isn't a great situation, but the only thing I can think of that
>comes close is to use mandatory access controls, such as grsecurity's
>RBAC.
>
>
>
>
Hi,
An addition to the above suggestion: try out some of Gentoo's hardened
projects: RSBAC or SELinux.
Some months ago there were a testing install (public-access) of an
RSBAC-system (adamantix == Gentoo-RSBAC) with user access to the machine
and the goal was to hack/attack it and bring down the machine. Lasted
quite a week, nobody broke in.
At the end there were logs, info etc.
Something more, during the last one/two days a Security Advisory was on
a way to public and before releasing it the author tried it on the
machine - no luck (he succeeded only after asking the people running the
test to disable a feature) all this info was only announced after the
advisory went public with patches.
So this project has some protection against new bugs too.
PS: think there is a public SElinux machine too, or at least there was.
HTH. Rumen
--
[email protected] mailing list
