That has been done already; the only problem is people compile their own executables. I run a server for kids at a local school and you know how some kids can be. I have already had to ban several users for compiling scripts to launch attacks on other machines. I strictly enforce their acceptable use agreement through the school but sometimes that just isn't enough.

>From: "Howland, Curtis" <[EMAIL PROTECTED]>
>To: "Steve Meyer" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: restricting outbound access?
>Date: Thu, 16 May 2002 11:59:05 +0900
>
>How about group access privileges on the offending executables?
>
>Seems to me to be the natural method of restricting access to stuff.
>
>Curt-
>
> > I have a question. Is there any way to restrict outbound access for all but
> > a few users? I know with iptables you can block outbound traffic completely
> > but that won't work in my situation. There are about 150 users of my server
> > and only 3 of them need outbound access so I am kind of in a sticky
> > situation. Any help would be greatly appreciated.
> >
> > Thanks in advance
> >
> > Steve Meyer
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
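
An added example, not part of the original thread: the iptables `owner` match filters locally generated packets by the UID of the process that owns the socket, so it applies to self-compiled binaries as well as installed ones. The function below prints the rules for review before they are applied as root; the chain name `USER_EGRESS` and the UIDs in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that allow NEW outbound connections
# only for the listed accounts. Review the output, then pipe it to sh as root.
# Usage (constructed UIDs):  gen_egress_rules 1001 1002 1003 | sh
# Repeat with ip6tables if the host has IPv6 connectivity.

# gen_egress_rules USER_OR_UID...
# Returns 1 without printing any rule if an account cannot be resolved.
gen_egress_rules() {
    chain=USER_EGRESS            # hypothetical chain name
    uids=""
    for u in "$@"; do
        case "$u" in
            ''|*[!0-9]*)         # not purely numeric: resolve the login name
                uid=$(id -u "$u" 2>/dev/null) || {
                    echo "unknown account: $u" >&2; return 1; } ;;
            *)  uid=$u ;;
        esac
        uids="$uids $uid"
    done

    echo "iptables -N $chain"
    # Loopback and replies on existing connections (e.g. the users' own
    # inbound SSH sessions) must keep working for everyone.
    echo "iptables -A $chain -o lo -j RETURN"
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # One rule per permitted account. System daemons that need egress
    # (mail, package updates) must be listed too, e.g. UID 0.
    for uid in $uids; do
        echo "iptables -A $chain -m owner --uid-owner $uid -j RETURN"
    done
    # Everything else: log who tried (rate-limited), then reject.
    echo "iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix 'egress-denied: ' --log-uid"
    echo "iptables -A $chain -j REJECT"
    # Hook the chain in last, so it only takes effect once complete.
    echo "iptables -A OUTPUT -j $chain"
}
```

The `--log-uid` entries in the kernel log identify which account attempted a blocked connection, which gives the acceptable-use enforcement described above something concrete to act on.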