Date: Thu, 31 Jan 2002 00:53:22 -0500 From: "C J Michaels" <cjm2@earthling.net> To: "ekoz" <ekoz@melsa.net.id> Cc: <freebsd-questions@freebsd.org> Subject: RE: ps -aux Message-ID: <OGEFLCDDBCNNBEFGIFEFKEKHCAAA.cjm2@earthling.net> In-Reply-To: <021901c1aa11$fe562930$d4e18aca@melsa.net.id>
next in thread | previous in thread | raw e-mail | index | archive | help
ekoz,
1. Ditch the HTML e-mails, most people on this list delete them.
2. Did you check the man page for ps(1)? If you do you'll find this:
SYNOPSIS
ps [-aCcefhjlmrSTuvwx] [-M core] [-N system] [-O fmt] [-o fmt] [-p pid]
[-t tty] [-U username] [-W swap]
ps [-L]
[...]
-U Display the processes belonging to the specified username.
3. Securing the box... gawd, where to begin... There's got to be a faq out
there somewhere.
I would suggest the following (this is by no means complete):
a. Enable QUOTAs and configure them.
b. Enable a firewall of some sort, ifpw or ipfilters, lock it down
and set it up stateful to make it more difficult for users to make
use of listening (daemon/server) processes. (e.g. starting their
own irc server.)
c. Configure /etc/login.conf with some fairly restrictive limits,
based on what you want your users to be able to do, and your system
resources. This will help cut down on one person eating up all your
resources (cpu, memory, pids, etc..)
d. I would restrict /sbin, /usr/sbin from everyone but gid=operator, but
that's just me, at the very least I wouldn't allow them to use
ping/traceroute and the like.
e. Run something like jack-the-ripper to ferrit out simple, easily cracked
passwords.
4. Remember to check all available resources (handbook, FAQ, mailing list
archives) before asking a question, there are alot of people who put alot of
hard work into documenting this great operating system. Don't let it be in
vain.
http://www.freebsd.org/docs.html#books <<-- where the docs are.
Also, check out: http://www.freebsddiary.org/
Hope this helps,
--Chris
-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of ekoz
Sent: Wednesday, January 30, 2002 11:45 PM
To: freebsd-questions@FreeBSD.ORG
Subject: ps -aux
Hi All,
I have a silly question..:) , How to make "ps -aux" only show user's process
not all the process and how to make my shell server more secure. By the way
, its about 10 to 20 user log in to my server.
TIA
ekoz
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OGEFLCDDBCNNBEFGIFEFKEKHCAAA.cjm2>