Shell Access

[inforeqd]

I have been tasked to limit access on my systems to only the applications available through the GUI. In order to ensure that this is true I am petitioning the group to
pass along information that they may have had related to shell access through standard applications.

I have hard coded all my print commands and I have also limited any area that may require user input to only pull down options. The user cannot type anything into the system.

Any suggestions on what else I should check to avoid shell access or escapes as they are probably more commonly called.

Thanks
Info

 

[crowe]

If the application does not require an active shell, just a socket connection (like Oracle) you could probably change the default shell in the /etc/passwd to /usr/bin/false. Otherwise, you could put some trap statements in the /etc/profile and the users .profile to "catch" and signals sent to break out.

 

[jbcamel]

Not sure what application you are using. In my office we put a line in the user's .profile that sends them directly into the GUI application when they log on. If they exit the application they automatically get logged off. The last few lines of their .profile looks like this:

if [ "${p}" != "not a tty" ]
then
resetty
trap 2
exec gui_app
fi

Just to play it safe, the .profile is owned by root with permissions set at 644

 

[inforeqd]

Thanks to both of you. These items will help greatly in stopping access
to shells by my users. However, I am still not sold on stopping shell access.
After all whats Uni* without a shell.

Matt