Re: Disabling netstat
Maybe you should take a look at the grsecurity kernel patch.
You can configure it that way that normal users can't see certain info
in /proc
The homepage is at www.grsecurity.net
groet
Leo
On Sun, Apr 20, 2003 at 08:06:51AM -0500, Brian McGroarty wrote:
> I'd like to disable netstat and similar programs for my shell
> users. One of my users runs a MUCK (like a MUD) and would like to
> protect the MUCK users' network locations from other shell users.
>
> I'm running with a 2.4 kernel with /proc, and so netstat is an
> unprivileged utility that merely grabs information out of /proc/net.
>
> My thought was to chmod away /proc/net in a startup script,
> unfortunately a chmod within /proc doesn't seem to take effect. I can
> chmod the mount point (/proc), but if I do this, it also defeats
> killall, ps, top and other essential tools for the users.
>
>
> Is there a way to chmod away just parts of /proc?
>
>
> Or is there a more conventional approach to disabling netstat and
> related /proc info for unprivileged users?
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
Leo .----- leo@illinois.e-concepts.be
____ / Eraly
\/
"Originality is the art of concealing your sources."
Reply to: