This shows you the differences between two versions of the page.
openbsd:shell [2019/12/01 05:26] jrmu
openbsd:shell [2020/05/19 00:27] (current) jrmu
Line 17: | Line 17: | ||
} | } | ||
</code> | </code> | ||
+ | |||
+ | Update: hiding logs was causing problems | ||
We also hide logs in /var/logs and /var/www/logs | We also hide logs in /var/logs and /var/www/logs | ||
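Review bot: the added "Update: hiding logs was causing problems" line does not say which problem or which of the chmod steps below it is meant to warn against, and it sits directly above "We also hide logs in /var/logs and /var/www/logs", which still tells the reader to do exactly that; either state what broke (for example which commands stop working for unprivileged users) and which commands to skip or revert, or remove the "We also hide logs" sentence. The unchanged line also says /var/logs, while the commands later in the page use /var/log, which is the actual OpenBSD path.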
Line 148: | Line 150: | ||
zip-3.0p1 create/update ZIP files compatible with PKZip(tm) | zip-3.0p1 create/update ZIP files compatible with PKZip(tm) | ||
zstd-1.4.3 zstandard fast real-time compression algorithm | zstd-1.4.3 zstandard fast real-time compression algorithm | ||
+ | </code> | ||
+ | |||
+ | To set the user's default prompt to "username$ ", stick this into /etc/profile: | ||
+ | |||
+ | <code> | ||
+ | export PS1="`whoami`$ " | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | # chmod -R o-rx /var/log | ||
+ | # chmod o-rx /var/run/utmp | ||
+ | # chmod o-r /var/log/wtmp* | ||
</code> | </code> | ||
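Review bot: the second added code block (`chmod -R o-rx /var/log`, `chmod o-rx /var/run/utmp`, `chmod o-r /var/log/wtmp*`) has no sentence introducing it, and the /var/log part duplicates `chmod 750 /var/log` / `chmod o-rx /var/log/*` in the Line 159 region; keep one copy and give it a lead-in. Two practical caveats worth stating next to it: removing world read on /var/run/utmp also stops unprivileged users' `who(1)` and `w(1)` from reporting logged-in users (if that is the problem the "Update" line refers to, say so here), and permissions set by hand on files under /var/log do not survive rotation unless the mode column in /etc/newsyslog.conf is changed to match. The PS1 snippet is fine as written, since the backticks are evaluated once when /etc/profile is sourced at login.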
Line 159: | Line 173: | ||
# chmod 750 /var/log | # chmod 750 /var/log | ||
# chmod o-rx /var/log/* | # chmod o-rx /var/log/* | ||
+ | # chmod -R o-rx /etc/mail | ||
</code> | </code> | ||
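Review bot: `chmod -R o-rx /etc/mail` is added without saying what it is protecting; state the reason (the alias file reveals local account names) and verify afterwards that smtpd(8) can still read the alias database, since its lookup process runs unprivileged and the recursive chmod also covers aliases.db and smtpd.conf. If delivery breaks, restrict the specific file instead of the whole directory.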
Line 191: | Line 206: | ||
<code> | <code> | ||
# find / -perm -4000 | # find / -perm -4000 | ||
+ | </code> | ||
+ | |||
+ | Check /etc/groups to make sure that no user is a member of wheel. This will prevent them from su to root even if they know the password. | ||
+ | |||
+ | In /etc/ssh/sshd_config, turn off X11 forwarding | ||
+ | |||
+ | Create symlinks for users so they don't complain: | ||
+ | |||
+ | <code> | ||
+ | ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh | ||
+ | ln -s /usr/local/bin/python3.7 /usr/local/bin/python | ||
+ | </code> | ||
+ | |||
+ | You will want to have /var/www/etc/resolv.conf to allow DNS lookup inside the chroot: | ||
+ | |||
+ | <code> | ||
+ | # mkdir /var/www/etc/ | ||
+ | # cp /etc/resolv.conf /var/www/etc/ | ||
+ | # chown -R www:daemon /var/www/etc | ||
</code> | </code> |
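Review bot: the added sentence refers to /etc/groups; on OpenBSD the file is /etc/group, so the reader will look in the wrong place. Two smaller points in the same hunk: "turn off X11 forwarding" should name the directive (`X11Forwarding no`) so it can be applied without guessing, and `chown -R www:daemon /var/www/etc` makes the chroot's resolv.conf writable by the www user, while root ownership with mode 644 is enough for lookups from inside the chroot. The two `ln -s` lines also lack the `#` root prompt the other code blocks on the page use.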