Date: Wed, 2 Apr 2014 10:29:56 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Daniel Corbe <corbe@corbe.net> Cc: "Kenta S." <kentas@hush.com>, freebsd-questions@freebsd.org Subject: Re: Disable w / who Message-ID: <20140402152956.GA23453@dan.emsphone.com> In-Reply-To: <ygfsipws5so.fsf@corbe.net> References: <20140402034019.A9BE1608AE@smtp.hushmail.com> <ygfsipws5so.fsf@corbe.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Apr 02), Daniel Corbe said: > "Kenta S." <kentas@hush.com> writes: > > Hi. On a multiuser system, is it possible to disable access to the "w" > > and "who" commands? I'd rather all the users not be able to see each > > other's IP addresses. > > chmod og-rx /usr/bin/who && chmod og-rx /usr/bin/w Also remember to remove /var/run/utx.active, /var/log/utx.*, the netstat, sockstat, and lsof commands, plus gcc, clang, and any ability to upload executables :) Unixes weren't really designed for information-hiding at the level you're looking for. An alternative might be to do some sort of inbound NAT outside the box itself, so that all incoming TCP sessions get NAT'ted to an internal IP before hitting your server. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140402152956.GA23453>