From: Devin Teske
To: "'Dan Nelson'", "'Daniel Corbe'"
Cc: "'Kenta S.'", freebsd-questions@freebsd.org
Subject: RE: Disable w / who
Date: Wed, 2 Apr 2014 09:40:34 -0700
Message-ID: <09c701cf4e92$46cc7570$d4656050$@fisglobal.com>
In-Reply-To: <20140402152956.GA23453@dan.emsphone.com>

> -----Original Message-----
> From: Dan Nelson [mailto:dnelson@allantgroup.com]
> Sent: Wednesday, April 2, 2014 8:30 AM
> To: Daniel Corbe
> Cc: Kenta S.; freebsd-questions@freebsd.org
> Subject: Re: Disable w / who
>
> In the last episode (Apr 02), Daniel Corbe said:
> > "Kenta S." writes:
> > > Hi. On a multiuser system, is it possible to disable access to the "w"
> > > and "who" commands? I'd rather all the users not be able to see
> > > each other's IP addresses.
> >
> > chmod og-rx /usr/bin/who && chmod og-rx /usr/bin/w
>
> Also remember to remove /var/run/utx.active, /var/log/utx.*, the netstat,
> sockstat, and lsof commands, plus gcc, clang, and any ability to upload
> executables :) Unixes weren't really designed for information-hiding at the
> level you're looking for.
>
> An alternative might be to do some sort of inbound NAT outside the box
> itself, so that all incoming TCP sessions get NAT'ted to an internal IP before
> hitting your server.
>

What about the TrustedBSD Mandatory Access Control (MAC) framework?

mac(3)
mac(4)
mac(9)
mac.conf(5)
mac_seeotheruids(4)

Specifically mac_seeotheruids(4) - simple policy controlling whether users
see other users
--
Devin

> --
> Dan Nelson
> dnelson@allantgroup.com
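Added example, not part of the thread or written by its participants: a POSIX sh audit of the exposure points the messages above name. It reports which of the listed binaries are still executable and which utx databases are still readable by unprivileged users, and reads the mac_seeotheruids(4) switch when present. That policy governs visibility of other users' processes and sockets, so the file modes on the utx databases are checked separately. The function names and the root-prefix argument are assumptions made for this example; the paths are the FreeBSD defaults mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the root-prefix
# argument are hypothetical; the prefix lets the audit run on a test tree.

# Print one line per item under root prefix $1 that "other" can still use.
audit_exposure() {
    root=${1:-}
    # Binaries named in the thread: exposed if "other" has the execute bit.
    for f in /usr/bin/who /usr/bin/w /usr/bin/netstat /usr/bin/sockstat; do
        [ -e "$root$f" ] || continue
        if [ -n "$(find "$root$f" -prune -perm -001)" ]; then
            echo "$f: executable by other"
        fi
    done
    # Login accounting databases: exposed if "other" has the read bit.
    # An unmatched glob stays literal and is skipped by the -e test.
    for f in "$root"/var/run/utx.active "$root"/var/log/utx.*; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "${f#"$root"}: readable by other"
        fi
    done
}

# Print the mac_seeotheruids(4) enable switch (0 or 1), or "absent" when
# the policy module is not loaded or the host has no such sysctl.
seeotheruids_state() {
    sysctl -n security.mac.seeotheruids.enabled 2>/dev/null || echo absent
}

# Usage on the host itself:  audit_exposure ""; seeotheruids_state
```

An empty report from `audit_exposure` only covers the paths it checks; lsof, compilers and uploaded executables, also raised in the thread, are outside its scope.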