Date: Wed, 02 Apr 2014 11:41:40 -0400
From: "Kenta S." <kentas@hush.com>
To: "Dan Nelson" <dnelson@allantgroup.com>, "Daniel Corbe" <corbe@corbe.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Disable w / who
Message-ID: <20140402154140.4EC5C608CA@smtp.hushmail.com>
In-Reply-To: <20140402152956.GA23453@dan.emsphone.com>
References: <20140402034019.A9BE1608AE@smtp.hushmail.com> <ygfsipws5so.fsf@corbe.net> <20140402152956.GA23453@dan.emsphone.com>

On 04/02/2014 at 11:30 AM, "Dan Nelson" <dnelson@allantgroup.com> wrote:
>
>Also remember to remove /var/run/utx.active, /var/log/utx.*,
>the netstat, sockstat, and lsof commands,

"sysctl security.bsd.see_other_uids=0" solves this, doesn't it? FreeBSD doesn't include lsof.

>plus gcc, clang, and any ability to upload executables :)

This is easily done with mount options in /etc/fstab.

>Unixes weren't really designed for information-hiding at the
>level you're looking for.

It doesn't have to be perfect and stop everyone, just preventing regular users from seeing "w" and "who" was my goal.

>An alternative might be to do some sort of inbound NAT outside
>the box itself, so that all incoming TCP sessions get NAT'ted to
>an internal IP before hitting your server.

I'll look into doing this with pf, thanks.
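An added example, not part of the message or written by anyone in the thread: a POSIX sh check of configuration text for the two settings the reply mentions, the security.bsd.see_other_uids sysctl and mount options in /etc/fstab. The noexec option, the /home and /tmp mount points, the function names and the sample file contents are assumptions; the message does not say which mount options were meant.

```shell
#!/bin/sh
# Added example: audit sysctl.conf and fstab text for the settings in the thread.
# Both functions read the file text on stdin, so they can be pointed at
# /etc/sysctl.conf and /etc/fstab or at a copy taken from another host.

# Print the value a sysctl.conf assigns to $1 (last assignment wins), or nothing.
# This is the boot-time setting only; "sysctl -n <name>" shows the running value.
sysctl_conf_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                      # strip comments
        /=/ {
            split($0, kv, "=")
            k = kv[1]; v = kv[2]
            gsub(/[ \t]/, "", k); gsub(/[ \t"]/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }'
}

# Print each mount point named in $1 whose fstab entry lacks the noexec option.
# $1 is a space-separated list of user-writable mount points (assumption).
fstab_missing_noexec() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        /^[ \t]*#/ || NF < 4 { next }           # skip comments and short lines
        ($2 in need) {
            ok = 0
            m = split($4, o, ",")
            for (i = 1; i <= m; i++) if (o[i] == "noexec") ok = 1
            if (!ok) print $2
        }'
}

# Constructed sample input, not taken from any real host.
SAMPLE_SYSCTL='# /etc/sysctl.conf (constructed)
security.bsd.see_other_uids=1
security.bsd.see_other_uids=0   # later line overrides the earlier one
security.bsd.see_other_gids=0'

SAMPLE_FSTAB='# Device     Mountpoint FStype Options          Dump Pass
/dev/ada0p2  /          ufs    rw               1    1
/dev/ada0p4  /tmp       ufs    rw,noexec,nosuid 2    2
/dev/ada0p5  /home      ufs    rw,nosuid        2    2'

echo "see_other_uids in sysctl.conf: $(printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_conf_value security.bsd.see_other_uids)"
echo "mounts without noexec: $(printf '%s\n' "$SAMPLE_FSTAB" | fstab_missing_noexec '/home /tmp')"
```

On a real host, feed the functions the live files, for example `sysctl_conf_value security.bsd.see_other_uids < /etc/sysctl.conf`.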