Solved

Removing access to the Terminal Window

Posted on 2014-02-07
7
395 Views
Last Modified: 2014-04-27
I have an environment where users log onto a Solaris 10 system using JDS and i would like to remove access to the Terminal Window. Is there a way to do this  without disabling the ability to actually logon?
0
Comment
Question by:mritwonderful
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39844033
May want to see if this help - key is to disable xdmcp. E.g. setting Remote Services enabled to no will load generic_limited_net.xml limiting all remote networking services to the localhost except for secure shell.

http://www.softpanorama.org/Xwindows/Xdmcp/enabling_xdmcp_in_solaris_10.shtml

related - dtlogin is disabled by running it on port 0 instead of the default port 177
http://www.sunmanagers.org/pipermail/summaries/2007-September/008300.html
0
 

Author Comment

by:mritwonderful
ID: 39846306
Breadtan,

I'll look into those links some more but i do not think they will help me achieve what I'm looking to do. I am running sunray services and all of my users access the solaris server using thin clients. I want the users to be able to login to the server using JDS but i do not want them to be able to open a terminal window. I'm trying to lock things down so users cant run anything from the command line.
0
 
LVL 64

Expert Comment

by:btan
ID: 39846395
Thanks for sharing. I am wondering if Controlled Access Mode (CAM) in Kiosk Mode (link) will fit the use case,
- CAM Chooser Application (link)
- CAM Mode going into restricted jds (link)
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:mritwonderful
ID: 39861537
breadtan,

I'm using Solaris 10 Trusted Extension and my users need to be able to logn and access multiple zones. I need to lock down the terminal in each zone. I'm thinking this would only work on a system that just has a Global zone and not multiple non-global zones.
0
 
LVL 64

Expert Comment

by:btan
ID: 39861659
I was reading some material and such extension has label e.g. Classification Labels and Sensitivity Labels are associated with a specific zone. When users log in to a zone, any processes and files that are accessed or created in that zone are set to the Classification and Sensitivity Label assigned to that zone. And if the host does not have Solaris Trusted Extensions, it will only be bind to a specific single label. This means that the host will be able to connect only to a single zone on the Solaris Trusted Extensions system, assuming it is trying to remote into the extension system. This then defeats your intent for multiple zones login.

So if user is to login into trusted extension and logged in to a multilevel session. May not be able to prevent use of JDS but maybe at restrict the data transfer btw label such as below http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-16.html#ugtour-23

There is also mention of Application Manager Security which I am wondering restricting other apps to further lockdown only basic apps to limit user actions
http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-42.html#ugelem-24
0
 

Accepted Solution

by:
mritwonderful earned 0 total points
ID: 40016654
I was able to remove access to the terminal by changing its permissions and removing everyones access to the file by changing the group access only.
0
 

Author Closing Comment

by:mritwonderful
ID: 40025537
This was the only viable solution to my question.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question