On Sat, Apr 19, 2003 at 09:54:36AM -0500, Brian McGroarty wrote:
> I'd like to disable netstat and similar programs for my shell
> users. One of my users runs a MUCK (like a MUD) and would like to
> protect the MUCK users' anonymity from other shell users.
>
> I'm running with a 2.4 kernel with /proc, and so netstat is an
> unprivileged utility that merely grabs information out of /proc/net.
>
> My thought was to chmod away /proc/net in a startup script,
> unfortunately a chmod within /proc doesn't seem to take effect. I can
> chmod the mount point (/proc), but if I do this, it also defeats
> killall, ps, top and other essential tools for the users.
>
> Is there a way to chmod away just parts of /proc?

I don't think this can work...

> Or is there a more conventional approach?

I'm not really sure. My first thought would be to have a look at
grsecurity (www.grsecurity.net, iirc), since it has a bunch of options
like that. Beyond that, I'm not really sure. If chmod'ing doesn't work,
it's because the kernel doesn't support it; fixing that is well beyond
my skills :)

-- 
Rob Weir <rweir@ertius.org> http://www.ertius.org/
GPG keys: 1024D/1E73B7CD, 4096R/3ABDE5EC | Do I look like I want a CC?
Words of the day: Leitrim bemd infowar Panama gamma Bellcore Dateline Merlin