
Friday, August 24, 2007

Restricted Bash (rbash) and Hack-ish Jail

Why hack-ish? Well, I didn't use the formal chroot and other jail technologies to restrict some users. The premise is that certain users will use only a very basic set of commands:

ls
less
ping
tail
ps
top
grep

Create a group for the restricted users:

groupadd monitoringteam

Create a common home and bin directory:

mkdir -p /home/monitor/bin

Add a user:

useradd monitor-guy -g monitoringteam -d /home/monitor -s /bin/rbash

Create (or copy from /etc/skel) .bash_profile and .bashrc inside /home/monitor and add the following:

export PATH=~/bin

Go to the bin directory under /home/monitor and create the soft links of the basic commands:

cd /home/monitor/bin
ln -s /bin/command_here commandname_here

Note: some of the commands are in /usr/bin/; just use 'which' to find the paths. You can fine-tune this set-up :) As I said, this is hack-ish, quick and grungy.
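The symlink step above, scripted so each command's path is resolved automatically, plus an audit pass that goes beyond the post and flags anything in the bin directory that is not an allow-listed symlink. This is an added example, not part of the original post; the function names populate_bin and audit_bin and the variable ALLOWED_DEFAULT are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
ALLOWED_DEFAULT="ls less ping tail ps top grep"   # command set listed in the post

# populate_bin DIR CMD...: symlink each CMD's resolved path into DIR.
# Returns the number of commands that could not be resolved.
populate_bin() {
    pb_dir=$1; shift
    pb_missing=0
    mkdir -p "$pb_dir" || return 255
    for pb_cmd in "$@"; do
        pb_path=$(command -v "$pb_cmd" 2>/dev/null) || pb_path=
        case $pb_path in
            /*) ln -sf "$pb_path" "$pb_dir/$pb_cmd" ;;
            *)  echo "not found: $pb_cmd" >&2; pb_missing=$((pb_missing + 1)) ;;
        esac
    done
    return "$pb_missing"
}

# audit_bin DIR CMD...: flag anything in DIR that is not a working symlink
# named after an allowed CMD. Returns the number of findings (0 = clean).
audit_bin() {
    ab_dir=$1; shift
    ab_bad=0
    for ab_entry in "$ab_dir"/* "$ab_dir"/.[!.]*; do
        # Skip glob patterns that matched nothing; keep dangling symlinks.
        [ -e "$ab_entry" ] || [ -L "$ab_entry" ] || continue
        ab_name=${ab_entry##*/}
        case " $* " in
            *" $ab_name "*)
                if [ ! -L "$ab_entry" ] || [ ! -x "$ab_entry" ]; then
                    echo "not a working symlink: $ab_name" >&2
                    ab_bad=$((ab_bad + 1))
                fi ;;
            *)  echo "unexpected entry: $ab_name" >&2
                ab_bad=$((ab_bad + 1)) ;;
        esac
    done
    return "$ab_bad"
}

# Usage as root, with the post's paths:
#   populate_bin /home/monitor/bin $ALLOWED_DEFAULT
#   audit_bin    /home/monitor/bin $ALLOWED_DEFAULT
```

Running audit_bin periodically shows whether the restricted PATH still contains only the intended commands.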
