How to enforce "user cannot invoke any programs without first logging on to the system"

Post by Jame » Wed, 14 Jun 2006 03:40:19


Hi all,

I am writing shell scripts to enforce some security standards. One of
the rules is
"Users cannot get access to shell or invoke any other programs without
first logging on to the system"

Does this mean
echo "mkdir /tmp/testdir" | ssh userid@anothermachine
should be prohibited?
How do I enforce this kind of security rule? Is there an ssh configuration I
should take a look at?

Many thanks,

James
 
 
 

Post by base6 » Wed, 14 Jun 2006 03:55:09


Ah, your management has hired a CISSP with no background as a SA.
Excellent!


Shouldn't you ask the group which devised the "standard" rather
than attempting to divine their intent?


The best thing to do with this sort of thing is send it back to the
originating body with a request for clarification.

Once or twice through that cycle and they usually go away... the trick
is to seem sincere :)