> Does anyone out there have some advice they could share with me on > security? My first real exposure to linux was this summer when we decided > to go all out and run all our school's dorm computers as LTSP stations... > > Specifically my concern is this: On all our the PCs (yes, I'm paranoid, > and yes it's been justified many times over :) in our system i have used > registry hacks to hide the C: drive, disable command prompts, etc... This > year especially we have actually had THREATS from students to try and hack > our servers. The gall! ... I guess maybe what I'm asking is what can I chmod 770 (?) to lock it down; the less they can read of my config files the better... I don't want to do something however like chmod 770 /etc and then have my system not startup! ...
*** Well first off don't blanket chmod 770 anything unless you know exactly what you're doing (which files will be affected). Chmod 770 /etc will break your system instantly (files like passwd, group, and a whole bunch more need to be readable by everyone). So I would forget about the chmod thing on /etc. Security is an ongoing thing and a system is only as secure as the system admin makes it. So it's a good idea to start reading up on security. Also it's a good thing to join a couple of security mailing lists so that you are informed of the latest vulnerability that needs to be fixed. How old are the kids? I find 'threats' of hacking and kids who call themselves hackers are nothing more than script kiddies or wannabees - there's only a rare few that truly would understand. Windows is insecure by default and if that's all the kids were exposed to in the past then they will find Linux more difficult to mess with. AnyWays here's a couple of suggestions. I would research them thoroughly: - TripWire (or similiar). Lets you know which files on the system have been changed. - chkrootkit. Run this program periodically to see if your system has been compromised. - Mark /home, /tmp partition "noexec"...If you have a /var/tmp directory then I would symbolic link /var/tmp to /home/var_tmp. "noxec" can be by-passed but you have to know how. - Recompile your kernel with BSD STYLE ACCOUNTING enabled. This will record every command/executable a user runs. You can query the entire database for particular commands or query all commands by a user - Very useful. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net
