RE: Lock down WWW Access



Job:

Well for one thing, you could remove public execute status for
firefox and any other browsers on the system, put all www-enabled users in a
common group, and only allow that group to execute those programs. They
could still send and receive email though, which I assume you'd still want.

That would go for other individual programs. Most system utilities
that still show on the menus prompt for the root password before they will
run.

Scully


-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of Job Cacka
Sent: Friday, February 24, 2006 4:52 PM
To: RedHat Mailing List
Subject: Lock down WWW Access

In the past we have restricted WWW access for individual logins by allowing
or denying access to the proxy server for an individual login. This has
worked great for Windows boxes.

On a Redhat ES 4 server we have enabled X11 and we are using various thin
clients to connect to the server. We are using KDE to provide a desktop. We
have removed most of the menu options although if the user was sophisticated
enough they could add them back to the panel or create an icon to provide
themselves access to the WWW, Games, and various other distractions that we
would rather not leave open. Right now we are securing by obscurity, and we
would like to get away from this.

What I would like to do is:
1. Remove all games from the Red Hat server or at least non-root access to
them.
2. Have the option to allow or deny WWW access per login, without
restricting local browser functionality.
3. Allow or deny access to individual menu items per login.

So how do I do this? What is the most efficient method? I will need to be
able to do this for 100+ logins spread over 3 servers in the future.

This is in limited production now and is working well with less than a dozen
logins.


Job Cacka
Network Administrator

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
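
The approach in Scully's reply (browsers executable only by one group), written out as shell functions. This is an added example, not part of either message; the group name wwwusers, the user alice, the script name restrict.sh and the browser path are assumptions, and GNU coreutils (readlink -f, stat -c) is assumed.

```shell
#!/bin/sh
# Added example. Assumed names: group "wwwusers", user "alice", browser paths,
# and the script name restrict.sh. One-time setup, as root:
#   groupadd wwwusers
#   gpasswd -a alice wwwusers
#   sh restrict.sh wwwusers /usr/bin/firefox

# Follow symlinks so the change lands on the real file, not the link.
resolve() { readlink -f -- "$1"; }

# is_world_executable PATH: exit 0 if users outside owner/group can run it.
is_world_executable() {
    target=$(resolve "$1") || return 2
    mode=$(stat -c %a -- "$target") || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ $((other % 2)) -eq 1 ]           # odd digit means execute is set
}

# restrict_to_group GROUP PATH...: owner rwx, GROUP r-x, everyone else none.
# If a path is a wrapper script, pass the binary it launches as well.
restrict_to_group() {
    group=$1; shift
    for p in "$@"; do
        target=$(resolve "$p") || return 1
        if [ ! -f "$target" ]; then
            echo "skip: $p is not a regular file" >&2
            continue
        fi
        chgrp -- "$group" "$target" || return 1
        chmod 750 -- "$target" || return 1
        if is_world_executable "$target"; then
            echo "still world-executable: $target" >&2
            return 1
        fi
    done
}

# Run only when called with GROUP and at least one PATH.
if [ "$#" -ge 2 ]; then
    restrict_to_group "$@"
fi
```

An RPM update of the browser package restores the packaged owner and mode, so re-run this after updates.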
