* will --cmd-owner ever return?
From: vwf
Date: 2007-03-27 18:45 UTC
To: netfilter

Hello,

Since kernel 2.6.15, command owner matching is gone (-m owner --cmd-owner). I consider this match vital for securing a workstation. Programs are calling home (including well-known very free source ones), emails contain all kinds of tricks to report back (some of them I cannot delete unseen), some programs are simply too insecure to be allowed to connect to some server (e.g. media players), and often I simply want my workstation to be absolutely quiet (except when I specifically ask for something).

How can I lock my workstation down on application level? Please tell me Netfilter can do this. Or can't it?
* Re: will --cmd-owner ever return?
From: Tom Eastep
Date: 2007-03-27 18:51 UTC
To: vwf
Cc: netfilter

vwf wrote:
> How can I lock my workstation down on application level?

tuxguardian.sf.net

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
* Re: will --cmd-owner ever return?
From: tom
Date: 2007-03-27 19:25 UTC
To: Tom Eastep
Cc: netfilter, vwf

If a connection is established, then you can find the owner by comparing the inode in /proc/net/tcp with the /proc/<PID> tree [all the numbered folders]. In each of these there is a folder named fd which provides symbolic links to the open file descriptors which that PID is using. A quick ls -l will give you the information you need to resolve it to a socket inode; you'll usually see socket:[32424] or something similar. You then know which PID owns the connection.

I have some python code which resolves this all to program names if you want it?

Tom Eastep wrote:
> vwf wrote:
>
>> How can I lock my workstation down on application level?
>
> tuxguardian.sf.net
>
> -Tom
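The inode join tom describes, written out as an added example (not the Python code he offers in the thread, and not part of the original archive): parse /proc/net/tcp, build a table of socket inodes from the /proc/<PID>/fd symlink targets, and attach a PID to each connection. The /proc/net/tcp sample and the fd link pairs fed in by the test are constructed; the column layout and the little-endian hex address encoding are the real Linux format on x86. The live scanner skips processes that vanish or are unreadable between listing and readlink, which is the non-atomic step the next reply in the thread points out.

```python
"""Map TCP sockets in /proc/net/tcp to the PID holding them via /proc/<PID>/fd.

Added example for this thread; constructed sample data, not captured output.
"""
import os
import re
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed /proc/net/tcp: a root-owned listener on 127.0.0.1:22 and an
# outbound HTTPS connection from uid 1000 to a documentation-range address.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11223 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A3F4 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 32424 1 0000000000000000 20 4 30 10 -1
"""

SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")   # what readlink on an fd returns


@dataclass
class TcpEntry:
    local: str
    remote: str
    state: str
    uid: int
    inode: int
    pid: Optional[int] = None   # filled in by attribute(); None if unresolved


def _hex_addr(h: str) -> str:
    """'0100007F:0016' -> '127.0.0.1:22' (IPv4 word is stored little-endian on x86)."""
    ip_hex, port_hex = h.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"


def parse_proc_net_tcp(text: str) -> List[TcpEntry]:
    """Columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ..."""
    entries = []
    for line in text.splitlines()[1:]:          # first line is the header row
        f = line.split()
        if len(f) < 10:
            continue
        entries.append(TcpEntry(_hex_addr(f[1]), _hex_addr(f[2]),
                                TCP_STATES.get(f[3], f[3]), int(f[7]), int(f[9])))
    return entries


def inode_table(fd_links: Iterable[Tuple[int, str]]) -> Dict[int, int]:
    """(pid, readlink target) pairs -> {socket inode: pid}; non-sockets ignored."""
    table: Dict[int, int] = {}
    for pid, target in fd_links:
        m = SOCKET_LINK.fullmatch(target)
        if m:
            table[int(m.group(1))] = pid
    return table


def scan_proc_fd() -> Iterable[Tuple[int, str]]:
    """Walk /proc/<PID>/fd on a live host. A process can exit, or close the fd,
    between listing and readlink, and other users' fd directories are not
    readable without privilege; both cases are skipped rather than fatal."""
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            for fd in os.listdir(f"/proc/{name}/fd"):
                yield int(name), os.readlink(f"/proc/{name}/fd/{fd}")
        except (FileNotFoundError, PermissionError, ProcessLookupError):
            continue


def attribute(tcp_text: str, fd_links: Iterable[Tuple[int, str]]) -> List[TcpEntry]:
    """Join the two /proc views on the socket inode number."""
    table = inode_table(fd_links)
    entries = parse_proc_net_tcp(tcp_text)
    for e in entries:
        e.pid = table.get(e.inode)
    return entries


if __name__ == "__main__":
    try:                                         # live host
        rows = attribute(open("/proc/net/tcp").read(), scan_proc_fd())
    except OSError:                              # no procfs: fall back to the sample
        rows = attribute(SAMPLE_PROC_NET_TCP, [(4242, "socket:[32424]")])
    for r in rows:
        comm = "?"
        if r.pid is not None:
            try:
                comm = open(f"/proc/{r.pid}/comm").read().strip()
            except OSError:
                pass
        print(f"{r.local:>22} -> {r.remote:<22} {r.state:<12} uid={r.uid} pid={r.pid} {comm}")
```

Because the table is built from one pass over /proc and the socket list from another, an inode seen in /proc/net/tcp may already belong to a different, newer socket by the time the fd scan reaches it; for auditing that is an acceptable error rate, for enforcement it is not, which is the gap the original --cmd-owner match filled in-kernel.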
* Re: will --cmd-owner ever return?
From: Jan Engelhardt
Date: 2007-03-28 2:07 UTC
To: tom
Cc: netfilter, Tom Eastep, vwf

On Mar 27 2007 20:25, tom wrote:
>
> If a connection is established, then you can find the owner by comparing the
> inode in /proc/net/tcp with the /proc/<PID> tree [all the numbered folders].

That's not really atomic.

Jan