Disable w / who
kentas at hush.com
Wed Apr 2 15:41:42 UTC 2014
On 04/02/2014 at 11:30 AM, "Dan Nelson" <dnelson at allantgroup.com> wrote:
>Also remember to remove /var/run/utx.active, /var/log/utx.*,
>the netstat, sockstat, and lsof commands,
"sysctl security.bsd.see_other_uids=0" solves this, doesn't it?
FreeBSD doesn't include lsof.
>plus gcc, clang, and any ability to upload executables :)
This is easily done with mount options in /etc/fstab.
>Unixes weren't really designed for information-hiding at the
>level you're looking for.
It doesn't have to be perfect and stop everyone, just preventing
regular users from seeing "w" and "who was my goal.
>An alternative might be to do some sort of inbound NAT outside
>the box itself, so that all incoming TCP sessions get NAT'ted to
>an internal IP before hitting your server.
I'll look into doing this with pf, thanks.
More information about the freebsd-questions