
Re: Disabling netstat



On Sat, Apr 19, 2003 at 09:54:36AM -0500, Brian McGroarty wrote:
> I'd like to disable netstat and similar programs for my shell
> users. One of my users runs a MUCK (like a MUD) and would like to
> protect the MUCK users' anonymity from other shell users.
> 
> I'm running with a 2.4 kernel with /proc, and so netstat is an
> unprivileged utility that merely grabs information out of /proc/net.
> 
> My thought was to chmod away /proc/net in a startup script,
> unfortunately a chmod within /proc doesn't seem to take effect. I can
> chmod the mount point (/proc), but if I do this, it also defeats
> killall, ps, top and other essential tools for the users.
> 
> Is there a way to chmod away just parts of /proc?

I don't think this can work...

> Or is there a more conventional approach?

I'm not really sure.  My first thought would be to have a look at
grsecurity (www.grsecurity.net, iirc), since it has a bunch of options
like that.  Beyond that, I'm not really sure.  If chmod'ing doesn't
work, it's because the kernel doesn't support it; fixing that is well
beyond my skills :)

-- 
Rob Weir <rweir@ertius.org>                              http://www.ertius.org/
GPG keys: 1024D/1E73B7CD, 4096R/3ABDE5EC     |      Do I look like I want a CC?
Words of the day:    Leitrim bemd infowar Panama gamma Bellcore Dateline Merlin
