Date: Mon, 17 Jan 2000 00:40:45 +1100 From: aunty <aunty@comcen.com.au> To: Igor Roshchin <igor@physics.uiuc.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <20000117004045.G14280@comcen.com.au> In-Reply-To: <200001161255.GAA19043@alecto.physics.uiuc.edu> References: <20000116214058.D14280@comcen.com.au> <200001161255.GAA19043@alecto.physics.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 16, 2000 at 06:55:46AM -0600, Igor Roshchin wrote: > > I realize that everybody might have local rather weird situation. > However, it sounds like you have some problems which are not related > to the _system_ administration, but just to the _personnel_ administration. Show me a site that doesn't :-) How many incidents are the result of a mistake or lack of insight/understanding or communication of the personnel? Enough to make optimistic predictions about future staff actions unwise. > I mean that you are trying protect your machine from somebody else, > changing its configuration (modification of /etc/shells, /etc/inetd.conf).. > > System can not be made fool-proof from one who has root-priveleges. :) Certainly :-) That doesn't mean one should stop offering extra precautions. Even if they don't deserve protection from themselves, their users do. For this particular machine, the security/convenience balance can afford to sway towards less convenient and more safe, so why not. > Let me through in one more stone in this pile of solutions. > Unless I missed it, nobody has mentioned it yet. > > One can configure tcpd (tcpwrappers) - "hosts.deny" (hosts.allow) file > to disallow any external access from any host via any protocol, > while allowing connections from specific hosts via specific protocols. > > While this does not do any per user access limitations, it still > can help you or other folks asking earlier in armoring their boxes. > > Hope, this helps... Thanks :-) -- Regards, -*Sue*- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000117004045.G14280>