Re: Securing for shells

Irayo wrote:
Hello,

I'm not a new person at Linux security and have been using the operating
system for three to four years now, though I normally don't venture into
shells. However, I'm developing and testing a daemon that I don't quite
trust--while it is running as a restricted user, I don't quite know what
other things I should do to secure the system to make sure that a
regular user doesn't have access to files that he shouldn't. I think
that finding out what files these are would essentially be the same
steps taken to secure a shell server.

I'm also considering setting up a shell server on a separate network.
Can anyone give me some other good pointers on securing a shell server?

Thanks.


One option is to use an application based firewall like SUSE's AppArmor.
Then you can effectively create a version of bash for a particular
user that can ONLY access what you want THAT user to be able to access.
Pretty slick... but perhaps overkill (??).

.

Relevant Pages

  • Securing for shells
    ... I'm not a new person at Linux security and have been using the operating system for three to four years now, though I normally don't venture into shells. ... However, I'm developing and testing a daemon that I don't quite trust--while it is running as a restricted user, I don't quite know what other things I should do to secure the system to make sure that a regular user doesn't have access to files that he shouldn't. ... I think that finding out what files these are would essentially be the same steps taken to secure a shell server. ...
    (comp.os.linux.security)
  • re: Strange command histories in hacked shell server
    ... that anyone can connect to the shell server ... I have a somewhat rudimentry hardening guide for FreeBSD at ... >What should I do in order to secure my shell server? ...
    (FreeBSD-Security)