ensure only my apps work
Andrew Farris
flyindragon1 at aol.com
Sun Jul 11 19:27:47 UTC 2010
On Fri, 2010-07-09 at 11:43 +0100, Hakan Koseoglu wrote:
> On 09/07/10 10:51, Mac Smith wrote:
> > I have a very typical requirement.
> I wouldn't say this is typical.
>
> > I have a ubuntu box and i want to ensure that only the applications,
> > scripts, programs that i have installed should run on it, anybody else
> > copying or installing something on it should not be able to execute.
> Mount the home & tmp with noexec, don't give anyone the root password.
> Install rkhunter to track the checksums of the binaries. Tripwire is an
> other alternative.
I never thought of mounting /home and /tmp with the 'noexec' option, but
that's a good idea.
With that in place, provided your 'anybody else' is running a regular
user account (i.e. not with admin privileges) then that should solve
your problem, I think.
If your concerned about people editing your configurations (such as
theme, etc), you might also want to look at a lockdown editor. Ive used
the program 'pessulus' in the past with success in this realm (called
'Lockdown Editor' in USC)
Hope that helps!
--
Andrew
_____________________________
Registered Linux User: 473690
Registered Ubuntu User: 22747
More information about the ubuntu-users
mailing list