[359] in linux-security and linux-alert archive


Re: elm and /tmp/mbox.*

daemon@ATHENA.MIT.EDU (Martin Hargreaves)
Tue Sep 12 16:21:51 1995

Date: Tue, 12 Sep 1995 19:27:07 +0100
To: linux-security@tarsier.cv.nrao.edu
From: martinh@paston.co.uk (Martin Hargreaves)


>: > >A quick kind of "fix" is to create for every user who has no .rhosts
>: > >file an empty one (or to disable r-commands altogether).

[Important note that users can move files if they own the directory]

I have a script that creates .forward, .rhosts, .netrc as d--------- in the
user's homedir. A cron job checks every night for .rhosts _files_ (-type f)
and mails me or raises a low level alert. I can then check with the user
what they are doing and why they need one of these files....

        Regards,

                Martin.

 
########################################################################
#  Martin Hargreaves                Contract Unix System Administrator #
# (martinh@paston.co.uk)                  Unix & Network Security, WWW #
#                                              Computational Chemistry # 
########################################################################


[Mod: Another trick would be to create them as zero-length files and
then use 'chattr' to make them immutable.  Only root can change the
immutable attribute, thus the user can make no changes (no links,
renames, deletions, or writes--even if they own the file and/or
directory) without root's permission. --Jeff]
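
The approach described in the message above, sketched as an added example (not Martin's script): it creates the three placeholders as mode-000 directories and audits each home for a .rhosts that is no longer the placeholder. The function names, the FILE/SYMLINK/MISSING labels and the one-directory-per-user layout under a base path are assumptions; the MISSING and SYMLINK checks go beyond the `-type f` test in the message to cover a user renaming the placeholder away.

```shell
#!/bin/sh
# Added example; names and layout are assumptions, not from the original post.
PLACEHOLDERS=".forward .rhosts .netrc"

# Create each placeholder as a mode-000 directory (d---------) in one home.
# Anything already present under that name is left alone, so existing user
# files are never replaced; the audit below reports them instead.
lock_home() {
    home=$1
    for name in $PLACEHOLDERS; do
        path="$home/$name"
        # -e follows symlinks, -L also catches dangling ones
        if [ -e "$path" ] || [ -L "$path" ]; then
            continue
        fi
        mkdir "$path" && chmod 000 "$path"
    done
}

# Nightly audit: one line per home whose .rhosts is not the placeholder.
#   FILE    - a regular file (the -type f check from the message)
#   SYMLINK - a symbolic link
#   MISSING - placeholder gone, e.g. renamed by the directory owner
audit_rhosts() {
    base=$1
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        p="$home/.rhosts"
        if [ -L "$p" ]; then
            echo "SYMLINK $p"
        elif [ -f "$p" ]; then
            echo "FILE $p"
        elif [ ! -d "$p" ]; then
            echo "MISSING $p"
        fi
    done
}

# Usage: script lock BASE   |   script audit BASE
case "${1:-}" in
    lock)  for h in "$2"/*; do [ -d "$h" ] && lock_home "$h"; done ;;
    audit) audit_rhosts "$2" ;;
esac
```

Run from root's crontab with the `audit` argument, any output is mailed to the job's owner by cron, so a silent run means every home still has its placeholder.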
