Date: Wed, 2 Apr 2014 09:40:34 -0700
From: Devin Teske <devin.teske@fisglobal.com>
To: "'Dan Nelson'" <dnelson@allantgroup.com>, "'Daniel Corbe'" <corbe@corbe.net>
Cc: "'Kenta S.'" <kentas@hush.com>, freebsd-questions@freebsd.org
Subject: RE: Disable w / who
Message-ID: <09c701cf4e92$46cc7570$d4656050$@fisglobal.com>
In-Reply-To: <20140402152956.GA23453@dan.emsphone.com>
References: <20140402034019.A9BE1608AE@smtp.hushmail.com> <ygfsipws5so.fsf@corbe.net> <20140402152956.GA23453@dan.emsphone.com>

> -----Original Message-----
> From: Dan Nelson [mailto:dnelson@allantgroup.com]
> Sent: Wednesday, April 2, 2014 8:30 AM
> To: Daniel Corbe
> Cc: Kenta S.; freebsd-questions@freebsd.org
> Subject: Re: Disable w / who
>
> In the last episode (Apr 02), Daniel Corbe said:
> > "Kenta S." <kentas@hush.com> writes:
> > > Hi. On a multiuser system, is it possible to disable access to the "w"
> > > and "who" commands? I'd rather all the users not be able to see
> > > each other's IP addresses.
> >
> > chmod og-rx /usr/bin/who && chmod og-rx /usr/bin/w
>
> Also remember to remove /var/run/utx.active, /var/log/utx.*, the netstat,
> sockstat, and lsof commands, plus gcc, clang, and any ability to upload
> executables :) Unixes weren't really designed for information-hiding at the
> level you're looking for.
>
> An alternative might be to do some sort of inbound NAT outside the box
> itself, so that all incoming TCP sessions get NAT'ted to an internal IP before
> hitting your server.
>

What about the TrustedBSD Mandatory Access Control (MAC) framework?

mac(3)
mac(4)
mac(9)
mac.conf(5)
mac_seeotheruids(4)

Specifically mac_seeotheruids(4) - simple policy controlling whether users see other users
--
Devin

> --
> Dan Nelson
> dnelson@allantgroup.com
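
Dan Nelson's point in the quoted reply, that the chmod on who and w leaves the underlying utmpx files and other commands usable, can be checked with a small audit. This is an added example, not code from the thread; the function names are hypothetical, and the netstat, sockstat and lsof paths are assumed FreeBSD default locations that the thread does not give.

```sh
#!/bin/sh
# Added example, not from the thread. Usage: audit_login_info /
# Reports which login-information sources named in the thread are still
# usable by "other" users after the chmod on who and w.

# Print the "other" permission triplet (for example "r-x") of a path.
other_perms() {
    ls -ldL "$1" | cut -c8-10
}

# audit_login_info ROOT
# ROOT is a path prefix (/, a jail root, or a test tree).
# Prints one "EXPOSED <kind> <path>" line per finding; returns 1 if any.
audit_login_info() {
    root=${1%/}
    found=0

    # Commands are exposed when others may execute them. The who and w
    # paths come from the thread; the netstat, sockstat and lsof paths
    # are assumed FreeBSD default locations.
    for cmd in /usr/bin/who /usr/bin/w /usr/bin/netstat \
               /usr/bin/sockstat /usr/local/sbin/lsof; do
        [ -e "$root$cmd" ] || continue
        case $(other_perms "$root$cmd") in
            ??x|??t) echo "EXPOSED exec $cmd"; found=1 ;;
        esac
    done

    # utmpx databases are exposed when others may read them directly,
    # which bypasses the chmod on who and w.
    for db in "$root"/var/run/utx.active "$root"/var/log/utx.*; do
        [ -e "$db" ] || continue
        rel=${db#"$root"}
        case $(other_perms "$db") in
            r??) echo "EXPOSED read $rel"; found=1 ;;
        esac
    done

    return "$found"
}
```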