Hi everybody,
Finally, the SUMMARY.
The original question was:
>
> Hi Solaris gurus,
>
> For security concern, I do not want the users be able to create
> a .rhosts file in their home directory. I am using Solaris 2.4 on a
> SparcServer 20.
>
> I began to create myself a .rhosts in each user directory with the
> protection 440 and put root as owner of that file but the user is able to
> overwrite it (just move a file over it with the same name...). So I realized
> that I cannot lock a file in a user directory if the parent directory is owned
> by that user. :-(
>
> The other solution I am thinking is to have a cron reporting me daily
> all the .rhosts it will find via mail.
>
> So, I would like to know if there is a more effective way to
> prevent any users to create a .rhosts file in their home directory.
>
> Thanks in advance,
>
Principally, we got 5 different answers:
1) Use tcpwrappers: It is found at the ftp site cert.org in the
directory /pub/tools/tripwire (It is the option we have
chosen and it works very well!).
2) run a cron at each x minutes to remove all the .rhosts in the
user account. (We do not like to add another cron running at
each x minutes on our systems. If we can avoid it...).
3) Use logdaemon. (This software seems good also...).
4) Desactivate the access to .rhosts in the good library using
a binary editor. (Drastic :-/)
5) Comment rlogin/rsh services in /etc/inetd.conf (No flexibility...)
Special thanks to:
Thomas Jordan jordan@bell-atl.com
Yves Lepage yves@cc.mcgill.ca
Andrej Misik Andrej.Misik@fmph.uniba.sk
David Sammut <sammut@citr.uq.oz.au>
Kira Attwood <kira@ice-nine.dorm.virginia.edu>
Brian T. Wightman wightman@sol.acs.uwosh.edu
Christopher Davis <ckd@loiosh.kei.com>
Friedel Loinger <friedel@wise1.tau.ac.il>
Juergen Peus (grobi@uni-paderborn.de)
Peter Allan peter.allan@aeat.co.uk
Jochen Bern bern@penthesilea.uni-trier.de
James W. Williams williams@atscv1.atsc.allied.com
Richard Pieri <ratinox@unilab.dfci.harvard.edu>
Steve ssd@nevets.oau.org
David dburton@mpc-uk.com
Adam Fox adamfox@super.org
Steve Young <syoung@cs.Buffalo.EDU>
and others...
>
> Hi Solaris gurus,
>
> For security concern, I do not want the users be able to create
> a .rhosts file in their home directory. I am using Solaris 2.4 on a
> SparcServer 20.
>
> I began to create myself a .rhosts in each user directory with the
> protection 440 and put root as owner of that file but the user is able to
> overwrite it (just move a file over it with the same name...). So I realized
> that I cannot lock a file in a user directory if the parent directory is owned
> by that user. :-(
>
> The other solution I am thinking is to have a cron reporting me daily
> all the .rhosts it will find via mail.
>
> So, I would like to know if there is a more effective way to
> prevent any users to create a .rhosts file in their home directory.
>
> Thanks in advance,
>
-- \\~ ~// ( o o ) ------------------------o000o----0----o000o------------------------- Michel Pilon E-mail: michel.pilon@CCG.RNCan.gc.ca Administrateur de systemes Unix Tel: (819) 564-5600 ext.4885 Centre Canadien de Geomatique Fax: (819) 564-5698 2144 King Ouest, suite 010, Sherbrooke, Quebec, Canada, J1J 2E8
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:25 CDT