harden-clients idea
Hi folks!
I just had an idea the other, er..., night, that still seemed smart when
I woke up, so I figured I'll post it here in case it is... :-)
The problem with e.g. telnet isn't really that it shouldn't be used for
anything, but that it shouldn't be used by somebody. It is quite OK to
use to check what the webserver responds to a particular request, for
example. But, you wouldn't want ma to use it and send her password in
cleartext.
What I did was that I changed group ownership of /usr/bin/telnet.netkit
to staff and made it executable for only root and staff. I figured,
something like that could harden-clients do too, configurable through
standard means.
That way, people with correct privileges could still use telnet for
sensible things, yet the admin would be warned if they did something
very careless with other packages.
Clever? :-)
(I'm not currently subscribed to this list, please keep me on the CC)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net webmaster@skepsis.no editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/
Reply to: