[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting outbound access?



>>>>> "Steve" == Steve Meyer <steve11523@hotmail.com> writes:

Steve> I have a question.  Is there any way to restrict outbound access
Steve> for all but a few users?

You can check out the grsecurity patches, which are currently in sid
(and probably woody too), package kernel-patch-2.4-grsecurity.  I can't
imagine that it would be any problem downloading the package and
installing it on a potato box, though, if that's what you have, or you
can get it from <URL:http://www.grsecurity.net/>.  It works best with
the latest kernel (currently 2.4.18).

It actually works the other way around -- you add users that you don't
want to have outbound access to a special group -- but you get the same
effect.

It also allows you to stop users from creating processes that listen on
network ports too, which you probably would want to have too.

-- 
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Attachment: pgpu9OagTaRhV.pgp
Description: PGP signature


Reply to: