From owner-freebsd-security Mon Apr 1 21:56:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net [168.100.1.4]) by hub.freebsd.org (Postfix) with ESMTP id BA8A737B416 for ; Mon, 1 Apr 2002 21:56:47 -0800 (PST) Received: from earl-grey.cloud9.net (earl-grey.cloud9.net [168.100.1.1]) by russian-caravan.cloud9.net (Postfix) with ESMTP id A793E28B5D; Tue, 2 Apr 2002 00:56:46 -0500 (EST) Date: Tue, 2 Apr 2002 00:56:46 -0500 (EST) From: Peter Leftwich X-X-Sender: To: Jesper Wallin Cc: FreeBSD Security List Subject: Re: Stop usage of "who"? [doing things the hard way] In-Reply-To: <1501.213.112.58.125.1017722696.squirrel@phucking.kicks-ass.org> Message-ID: <20020402005030.D5931-100000@earl-grey.cloud9.net> Organization: Video2Video Services - http://Www.Video2Video.Com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 2 Apr 2002, Jesper Wallin wrote: > Hey.. This night I was taking a look at the local security and decided to make > this system more like a it was a huge wall between all the users.. The first > thing I wanted to do was to limit the access to top and ps.. This was done Did you want to limit the access to the top and ps binaries (type `man chmod ; man chgrp`) or limit the information these binaries display? > very easy with "sysctl -w kern.ps_showallprocs=0" and edit the > /etc/sysctl.conf.. Now I want to stop usage of commands like w, who and When I looked at `man sysctl` the manpage said that "-w" has been deprecated (i.e. the powers that be discourage its use) and my /etc/sysctl.conf file is basically empty except for comments. > users.. I guess it must be able to change somewhere in the proc dir instead > of changing the permissons on all the executables.. What? > Another thing I want to do (if it's possible) is to add a default quota.. I love when people ask if something is possible! Ahem, this is FreeBSD?! > like, all new users who's being added will have about 500Mb of disk space.. In the /etc/rc.conf file enable_quotas="NO" # turn on quotas on startup (or NO). check_quotas="NO" # Check quotas on startup (or NO). accounting_enable="YES" # Turn on process accounting (or NO). Change the first two to "YES" and also check out `man quota` for info. > Jesper aka Z3l3zT What's a "zelezt?" -- Peter Leftwich President & Founder Video2Video Services Box 13692, La Jolla, CA, 92039 USA +1-413-403-9555 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message