Solved

Removing access to the Terminal Window

Posted on 2014-02-07
Last Modified: 2014-04-27
I have an environment where users log onto a Solaris 10 system using JDS and I would like to remove access to the Terminal Window. Is there a way to do this without disabling the ability to actually log on?
Question by:mritwonderful
7 Comments
 

Expert Comment

by:btan
ID: 39844033
May want to see if this helps - the key is to disable XDMCP. E.g. setting Remote Services enabled to no will load generic_limited_net.xml, limiting all remote networking services to the localhost except for secure shell.

http://www.softpanorama.org/Xwindows/Xdmcp/enabling_xdmcp_in_solaris_10.shtml

Related - dtlogin is disabled by running it on port 0 instead of the default port 177
http://www.sunmanagers.org/pipermail/summaries/2007-September/008300.html
 

Author Comment

by:mritwonderful
ID: 39846306
Breadtan,

I'll look into those links some more but I do not think they will help me achieve what I'm looking to do. I am running Sun Ray services and all of my users access the Solaris server using thin clients. I want the users to be able to log in to the server using JDS but I do not want them to be able to open a terminal window. I'm trying to lock things down so users can't run anything from the command line.

Expert Comment

by:btan
ID: 39846395
Thanks for sharing. I am wondering if Controlled Access Mode (CAM) in Kiosk Mode (link) will fit the use case:
- CAM Chooser Application (link)
- CAM Mode going into restricted jds (link)

Author Comment

by:mritwonderful
ID: 39861537
breadtan,

I'm using Solaris 10 Trusted Extension and my users need to be able to log in and access multiple zones. I need to lock down the terminal in each zone. I'm thinking this would only work on a system that just has a Global zone and not multiple non-global zones.

Expert Comment

by:btan
ID: 39861659
I was reading some material, and such an extension has labels, e.g. Classification Labels and Sensitivity Labels are associated with a specific zone. When users log in to a zone, any processes and files that are accessed or created in that zone are set to the Classification and Sensitivity Label assigned to that zone. And if the host does not have Solaris Trusted Extensions, it will only be bound to a specific single label. This means that the host will be able to connect only to a single zone on the Solaris Trusted Extensions system, assuming it is trying to remote into the extension system. This then defeats your intent for multiple-zone login.

So if the user is to log in to Trusted Extensions and is logged in to a multilevel session, you may not be able to prevent use of JDS, but maybe restrict the data transfer between labels, such as below: http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-16.html#ugtour-23

There is also mention of Application Manager Security, which I am wondering about for restricting other apps, to further lock down to only basic apps and limit user actions
http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-42.html#ugelem-24
 

Accepted Solution

by:mritwonderful
ID: 40016654
I was able to remove access to the terminal by changing its permissions and removing everyone's access to the file by changing the group access only.
 

Author Closing Comment

by:mritwonderful
ID: 40025537
This was the only viable solution to my question.
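
One way to apply and check the permission change described in the accepted solution, as an added example that is not part of the original thread. The post names neither the file nor the group, so the candidate terminal paths and the `sysadmin` group below are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example: restrict terminal emulator binaries to one group and audit
# the result. Backticks are used so the old Solaris /bin/sh can run it.

# Assumed candidate paths; the thread does not say which file was changed.
TERMINALS="/usr/bin/gnome-terminal /usr/dt/bin/dtterm /usr/openwin/bin/xterm"
ADMIN_GROUP="sysadmin"   # assumed group that keeps terminal access

# world_executable FILE: succeed if the "other" class may execute FILE.
# Column 10 of the ls mode string is the other-execute bit (x, or t if sticky).
world_executable() {
    bit=`ls -ldL "$1" | cut -c10`
    case "$bit" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# restrict_to_group FILE GROUP: give FILE to GROUP and remove all access
# for everyone outside the owner and that group.
restrict_to_group() {
    chgrp "$2" "$1" && chmod o-rwx "$1"
}

# list_world_executable FILE...: print each existing FILE that any user can
# still run. Empty output means every listed terminal is locked down.
list_world_executable() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if world_executable "$f"; then
            echo "$f"
        fi
    done
    return 0
}

# Usage: script --audit   (report only)
#        script --apply   (as root: restrict, then report what is left)
if [ "$1" = "--apply" ]; then
    for f in $TERMINALS; do
        if [ -f "$f" ]; then restrict_to_group "$f" "$ADMIN_GROUP"; fi
    done
fi
if [ "$1" = "--audit" ] || [ "$1" = "--apply" ]; then
    list_world_executable $TERMINALS
fi
```

Patching or reinstalling the package that owns a binary can put its original mode back, so the audit is worth re-running after maintenance.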