[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting outbound access?

>>>>> "Steve" == Steve Meyer <steve11523@hotmail.com> writes:

Steve> I have a question.  Is there any way to restrict outbound access
Steve> for all but a few users?

You can check out the grsecurity patches, which are currently in sid
(and probably woody too), package kernel-patch-2.4-grsecurity.  I can't
imagine that it would be any problem downloading the package and
installing it on a potato box, though, if that's what you have, or you
can get it from <URL:http://www.grsecurity.net/>.  It works best with
the latest kernel (currently 2.4.18).

It actually works the other way around -- you add users that you don't
want to have outbound access to a special group -- but you get the same

It also allows you to stop users from creating processes that listen on
network ports too, which you probably would want to have too.

Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Attachment: pgp6ImRyO4QTc.pgp
Description: PGP signature

Reply to: