From owner-freebsd-security  Mon Jul 17 20: 0: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.appliedcard.com (mail.appliedcard.com [207.43.202.218])
	by hub.freebsd.org (Postfix) with ESMTP id 146B837B8BB
	for <freebsd-security@freebsd.org>; Mon, 17 Jul 2000 20:00:01 -0700 (PDT)
	(envelope-from Francisco_Izquierdo@appliedcard.com)
Received: from bocafwl1.appliedcard.com ([207.43.202.217])
          by mail.appliedcard.com (Lotus Domino Release 5.0.2a)
          with SMTP id 2000071722591050:54628 ;
          Mon, 17 Jul 2000 22:59:10 -0400 
Subject: Secured access
To: freebsd-security@freebsd.org
X-Mailer: Lotus Notes Release 5.0.2c  February 2, 2000
Message-ID: <OFB5E12390.852ED02F-ON85256920.000F711B@appliedcard.com>
From: Francisco_Izquierdo@appliedcard.com
Date: Mon, 17 Jul 2000 22:59:14 -0400
MIME-Version: 1.0
X-MIMETrack: Serialize by Router on BocaRaton1/WILM/ACS(Release 5.0.3 |March 21, 2000) at 07/17/2000 10:59:15 PM,
	Itemize by SMTP Server on BocaRaton4/WILM/ACS(Release 5.0.2a |November 23, 1999) at 07/17/2000 10:59:10 PM,
	Serialize by Router on BocaRaton4/WILM/ACS(Release 5.0.2a |November 23, 1999) at 07/17/2000 10:59:14 PM,
	Serialize complete at 07/17/2000 10:59:14 PM
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have been following this list for a while, and it seems to me this is the
right place to pose this question.

I have to place a server outside a firewall, unprotected out on the net.  I
also have to grant telnet access to some users.  I would like to limit what
access the users have to the machine to just telnet and ftp.  I also would
like to prevent them from doing anything unauthorized on the server.  I
understand there are solutions like jail, chroot and rsh.

SSH is a possibility as alternative access to telnet, but it still does not
tell me how to lock a user in a sandbox.  I need to have the users stay in
this sandbox even when they are using programs that allow shell escapes,
such as vi.

Which methods would you use to secure your own box if it was available to
anyone without any firewall protection?


Regards,
Francisco Izquierdo



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message