(must I)/can I reduce as much as possible the privileges/access rights of the my_aux_login account? so that if somebody breaks _its_ password, it won't be able to do anything, including browsing around to see what's installed?
Ah. I think I have a clearer idea of what you're wanting to do now. You may want to look at SELinux (comes with CentOS 4 but may either be enabled, set to warn or disabled depending on how it was installed).
I have not yet had time to understand the SELinux mechanism, but I recall a discussion where the person used SELinux to reconfigure what the root account could do, left the console logged in and asked people to break into the system using the root account. If SELinux can be used to change how root behaves, it should be able to do the same with non-root accounts.
Anyhow here are some links I found that may help.
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/rhlcommon-section-0047.html
http://danwalsh.livejournal.com/1538.html
http://www.nsa.gov/selinux/
-Greg
On Wed, Jun 14, 2006 14:24:23 PM -0500, King, John (Greg) (LMIT-HOU) (Greg.King@lmit.com) wrote:
Ah. I think I have a clearer idea of what you're wanting to do now. You may want to look at SELinux (comes with CentOS 4 but may either be enabled, set to warn or disabled depending on how it was installed).
[...]
Anyhow here are some links I found that may help.
OK, thanks John and all the others for your feedback. I'll study the solution you proposed.
Marco