Jose wrote:
Hi.
Hi,
I intent make a new server, with a security trigger
If anybody try make a login with root or other user and dont use a
corrent password . this triger erase a home of this user and if try to
login as root this triger erase all file system
The way I undestand your question is so:
Your company has a few people who are allowed to log into the server to
see the confidential information. For this example let us say that only
User A and User B are allowed to see the confidential documents. User C
is also allowed to log into the server but is not allowed to view the
confidential documents.
User C now tries to see the confidential documents by using the username
and what he thinks User A' password is ie he wants to login as though he
was User A.
User C however does not know User A; correct password and so your
security trigger deletes all of User A' /home directory.
Doing this would require you to restore User A' /home directory from
your backup before User A logged into the system again.
Before you have managed to restore User A' /home directory User C
decides to try and access the confidential documents again using what he
thinks is the correct root password.
The login fails and as a result of your security trigger, / is deleted
requiring you to completely rebuild and restore everything on the server.
I might not be reading this correctly but if you manage to do what I
read from your post, it would result in you having to almost continually
restore from backups and rebuild the nmachine, as the number of logins
that use the incorrect password, as you said earlier, is high.
My suggestion would be to either implement two factor authentication
system so that the incorrect person has no way of having both/knowing
both of the security checks OR to learn how to use the Linux filesystem
ownership so that only certain users will have access to those
confidential files.
One last suggestion would be to somehow send you an alert of which PC
had the failed login attempt and then ask that person why they are
trying to acess confidential documents and possibly threaten them with
the loss of their job if it happens again.
For more information I suggest you search for a list in your home
language about security. You can try and join
[email protected]
HTH
--
========================================================================
Using SuSE 9.2 Professional with KDE and Mozilla Mail 1.7.13
Linux user # 229959 at http://counter.li.org
========================================================================
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
