Securing for shells - Security



Thread: Securing for shells

  1. Securing for shells

    Hello,

    I'm not a new person at Linux security and have been using the operating
    system for three to four years now, though I normally don't venture into
    shells. However, I'm developing and testing a daemon that I don't quite
    trust--while it is running as a restricted user, I don't quite know what
    other things I should do to secure the system to make sure that a
    regular user doesn't have access to files that he shouldn't. I think
    that finding out what files these are would essentially be the same
    steps taken to secure a shell server.

    I'm also considering setting up a shell server on a separate network.
    Can anyone give me some other good pointers on securing a shell server?

    Thanks.

    --
    Irayo
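
Added example, not part of the original post: one way to do the first step the question describes, finding which files under a directory a restricted account can read or write. The function names and the account name `svc-daemon` are hypothetical; it assumes Linux with a `stat` that supports `-c`, and it looks only at owner/group/other mode bits.

```shell
#!/bin/sh
# Added example (not from the thread): report which regular files under a
# directory a given account may read or write per the classic mode bits.
# Assumptions: Linux, stat with -c (GNU coreutils or BusyBox).
# Not covered: POSIX ACLs, root's override, MAC policy (AppArmor/SELinux),
# search permission on parent directories, file names containing newlines.

# access_for UID "GID GID ..." FILE_UID FILE_GID OCTAL_MODE
# Prints "r", "w", "rw" or nothing. The kernel applies exactly one class:
# owner if the uid matches, else group if any gid matches, else other.
access_for() (
    uid=$1 gids=" $2 " fuid=$3 fgid=$4
    mode=$((0$5))                      # leading 0 makes the shell parse octal
    if [ "$uid" -eq "$fuid" ]; then
        bits=$(( (mode >> 6) & 7 ))    # owner class
    else
        case $gids in
            *" $fgid "*) bits=$(( (mode >> 3) & 7 )) ;;   # group class
            *)           bits=$(( mode & 7 )) ;;          # other class
        esac
    fi
    out=
    [ $(( bits & 4 )) -ne 0 ] && out=r
    [ $(( bits & 2 )) -ne 0 ] && out=${out}w
    printf '%s' "$out"
)

# audit_tree_ids UID "GIDS" ROOT: prints "<access><TAB><path>" per file.
audit_tree_ids() {
    find "$3" -xdev -type f -exec stat -c '%u %g %a %n' {} + |
    while read -r fuid fgid mode path; do
        acc=$(access_for "$1" "$2" "$fuid" "$fgid" "$mode")
        if [ -n "$acc" ]; then printf '%s\t%s\n' "$acc" "$path"; fi
    done
}

# audit_tree USER ROOT: same, resolving the account's uid and groups by name.
audit_tree() {
    a_uid=$(id -u "$1") && a_gids=$(id -G "$1") || return 1
    audit_tree_ids "$a_uid" "$a_gids" "$2"
}

# Example run (hypothetical account name): sh audit.sh svc-daemon /etc
if [ "$#" -eq 2 ]; then audit_tree "$1" "$2"; fi
```

Lines marked `w` or `rw` outside the account's own directories are the ones to review first; run it as root so `find` can descend into every directory.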

  2. Re: Securing for shells

    Irayo wrote:
    > Hello,
    >
    > I'm not a new person at Linux security and have been using the operating
    > system for three to four years now, though I normally don't venture into
    > shells. However, I'm developing and testing a daemon that I don't quite
    > trust--while it is running as a restricted user, I don't quite know what
    > other things I should do to secure the system to make sure that a
    > regular user doesn't have access to files that he shouldn't. I think
    > that finding out what files these are would essentially be the same
    > steps taken to secure a shell server.
    >
    > I'm also considering setting up a shell server on a separate network.
    > Can anyone give me some other good pointers on securing a shell server?
    >
    > Thanks.
    >


    One option is to use an application-based firewall like SUSE's AppArmor.
    Then you can effectively create a version of bash for a particular
    user that can ONLY access what you want THAT user to be able to access.
    Pretty slick... but perhaps overkill (??).

