Re: Block network at logoff on workstation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, 2010-02-04 at 09:19 -0500, Ross Walker wrote:
> On Feb 3, 2010, at 9:36 PM, David McGuffey <davidmcguffey@xxxxxxxxxxx>  
> wrote:
> 
> > I'm trying to reduce the attack surface to a home machine that is  
> > always
> > on and connected to the Internet.  It is running CentOS 5.4, with  
> > tight
> > iptables rules and sits behind a Verizon FiOS firewall/switch also
> > configured with tight rules.
> >
> > I was wondering how to best block all network access to it when I log
> > off...then unblock it when I log on. Changing iptables requires root
> > access...as does running ifdown and ifup scripts.
> >
> > I could change the permissions on ifdown and ifup and run them from  
> > the
> > login/logout scripts, but I'd prefer not to do that.
> >
> > Any tips?
> 
> Set iptables to block all inbound traffic unless initiated from your  
> workstation.
> 
> It's the most secure, all the time.
> 
> -Ross
It is already set up that way...but I was thinking about taking the
interface down if no one is logged into the console (this is a
workstation used as a home computer and not supporting any network
servers).

I was thinking of a cron job that would run 'who' and if there were no
active logins, run 'ifdown eth0'

DaveM


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux