[oclug] In house security
Vic Gedris
vic at worldwidepunk.com
Mon Aug 13 13:13:17 EDT 2001
On Mon, 13 Aug 2001, Chris Church wrote:
> Greetings all,
>
> I am considering increasing the security on my gateway, which is a Linux
> box, and I wanted to restrict access to commands on that system from
> people on our internal network. Can I change all the files in /sbin and
> /etc to be read only by root, or change the permissions from 755 to 754
> or 750? I
> have found evidence of people just poking around the system for reasons
> of their own and I am not sure what a secure gateway/server should look
> like to the inside user.
>
> If I can do this with adversely affecting the system's operations then
> what other directories can I change permissions on? Also, is there a way
> of restricting access of just one individual?
Chris,
Is there a good reason for why you actually allow people to be on your
gateway?
Permissions would depend entirely on what those users *need* to do on
the gateway (I'm still wondering WHY they are there). Something like
/usr/sbin/traceroute might be useful to people.
You might want to look into creating groups for those people who need
access to certain directories/files/programs too.
-Vic
--
------------------------------------------------------------------------
WORLD WIDE PUNK http://www.worldwidepunk.com
vic-at-worldwidepunk.com PO Box 52051, Ottawa Ontario, K1N 5S0, CANADA
------------------------------------------------------------------------
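
Added example (not part of the original message): one way to try out the group-based approach suggested in the reply, on a throwaway sandbox directory instead of the real /sbin. The tool names, the sandbox layout and the use of the caller's own group as a stand-in for a dedicated admin group are assumptions.

```shell
#!/bin/sh
# Added example: constructed sandbox, nothing here touches the real /sbin or /etc.

# List regular files under directory $1 that "other" users may execute.
world_exec() {
    find "$1" -type f -perm -001 | sort
}

# Hand file $2 to group $1 and drop all "other" access (755 becomes 750).
restrict_to_group() {
    chgrp "$1" "$2" && chmod o-rwx "$2"
}

# Print the permission string of $1, e.g. -rwxr-x---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/sbin"
    # Constructed stand-ins for admin tools, all starting at 755.
    for tool in ifconfig route traceroute; do
        printf '#!/bin/sh\necho %s\n' "$tool" > "$sandbox/sbin/$tool"
        chmod 755 "$sandbox/sbin/$tool"
    done
    # Assumption: the caller's own group stands in for a dedicated admin group.
    grp=$(id -g)
    echo "world-executable before:"; world_exec "$sandbox/sbin"
    # traceroute stays open to everyone; the rest go to the group only.
    for tool in ifconfig route; do
        restrict_to_group "$grp" "$sandbox/sbin/$tool"
    done
    echo "world-executable after:"; world_exec "$sandbox/sbin"
    for tool in ifconfig route traceroute; do
        echo "$(mode_of "$sandbox/sbin/$tool") $tool"
    done
    rm -rf "$sandbox"
}

demo
```

Running world_exec against the real directories first shows what a blanket 750 would take away from ordinary users before anything is changed.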