| View previous topic :: View next topic |
| Author |
Message |
remcohn
n00b
Joined: 29 Dec 2004
Posts: 25
|
 Posted: Tue Feb 21, 2006 7:11 pm Post subject: hiding other users stuff from w/who/ps |
 |
|
is it possible to make w/who/ps/others only show the information of that users? so users cant see eachothers information?
i have seen some things like selinux, hardened use flag and grsecurity, but what is the most eazy way for it?
thanks,
remco |
|
| Back to top |
|
 |
frenkel
Veteran
Joined: 13 May 2003
Posts: 1034
Location: .nl
|
| Posted: Tue Feb 21, 2006 7:12 pm Post subject: |
|
|
| SELinux is the only possibility to completely restrict this. |
|
| Back to top |
|
|
remcohn
n00b
Joined: 29 Dec 2004
Posts: 25
|
| Posted: Tue Feb 21, 2006 7:13 pm Post subject: |
|
|
ive read thrue the first couple of pages of the SElinux documentation there on the gentoo site, but it looks rather complicated :-/
do i need to enable grsecurity in the hardened kernel to be able to hide that user info? |
|
| Back to top |
|
|
TJNII
l33t
Joined: 09 Nov 2003
Posts: 648
Location: for(;;);
|
| Posted: Tue Feb 21, 2006 8:02 pm Post subject: |
|
|
| IMHO grsecurity. Painless set-up for me. |
|
| Back to top |
|
|
remcohn
n00b
Joined: 29 Dec 2004
Posts: 25
|
| Posted: Tue Feb 21, 2006 8:16 pm Post subject: |
|
|
that looks eazyer  thanks!
remco |
|
| Back to top |
|
|
MrUlterior
Guru
Joined: 22 Mar 2005
Posts: 511
Location: Switzerland
|
| Posted: Wed Feb 22, 2006 11:06 am Post subject: |
|
|
If those are your only requirements, grsecurity/selinux seems overkill. Why not just ensure that the user's group has no execute on /bin/ps, /bin/who /usr/bin/w ? Alternatively just chroot them without those executables.
_________________
Misanthropy 2.0 - enough hate to go around
|
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
|
|
| Back to top |
|
|
MrUlterior
Guru
Joined: 22 Mar 2005
Posts: 511
Location: Switzerland
|
| Posted: Wed Feb 22, 2006 11:12 am Post subject: |
|
|
| UberLord wrote: | | MrUlterior wrote: | | If those are your only requirements, grsecurity/selinux seems overkill. Why not just ensure that the user's group has no execute on /bin/ps, /bin/who /usr/bin/w ? Alternatively just chroot them without those executables. |
What's to stop them from finding that out by trolling through /proc? |
Nothing at all, and nothing prevents them building top, ps, w or who in their home dir assuming a compiler is available. But if all the OP is after is a little obscurity, that provides it.
_________________
Misanthropy 2.0 - enough hate to go around
|
|
| Back to top |
|
|
remcohn
n00b
Joined: 29 Dec 2004
Posts: 25
|
| Posted: Wed Feb 22, 2006 11:15 am Post subject: |
|
|
i already got grsecurity running, that was only recompiling a hardened-sources kernel with one or 2 extra options enabled. was done in 15 minutes.
remco |
|
| Back to top |
|
|
|
Networking & Security
