in reply to Generic Wrappers?

You could take an alternative approach, still using your wrappers but first ask

If you answer no to that for your service then create a new group called WebTools or something and chown root.WebTools the files. Then chmod o-x them.

If they want to use them they should ask for it and provide a reason. Same with compilers and other utilities...

Just a thought...

Re^2: Generic Wrappers?
by ninja_byte (Acolyte) on Dec 24, 2004 at 20:49 UTC
    That's true. The first stage of my little scheme would be to find the people at least attempting to use them. I'd rather flush them out and terminate some accounts than just inconvenience them. The group idea is excellent, however; I'll put that into the list of possibilities.

    The idea of a 'trap' kind of program appeals to me... eventually I might make it into an adaptable keylogger of sorts... hmm..

    Thanks for the suggestion!

      In the meantime you could create something like the /bin/sh you get on a Debian root disk (busybox)...

      With busybox you get one executable file and a load of symlinks... the name of the program ($0) it is invoked with determines what it does (limited ls, cat, mknod etc...)

      Why not physically move all of your dodgy files (lynx, curl, wget etc) into a /usr/local/wtools folder and put your Perl script in /usr/local/bin and have symlinks to it called (lynx, curl, wget etc)... then you get all your logging immediately and they needn't know.

      You can even set the ground rules by doing the chown on both files but leaving o+x on the Perl script and chmod setgrpid on it so it works... once you've got your list of users and reasons and you've added them to the group you can un-chmod setgrpid the Perl wrapper program...
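
The busybox-style arrangement from the last reply, sketched as an added example that is not part of the thread: one Perl script in /usr/local/bin, symlinked as lynx, curl and wget, that records who ran what and then hands off to the real binary in /usr/local/wtools. The allow-list, the syslog ident and the exit code are assumptions, and so is the permission setup: Linux ignores set-id bits on interpreted scripts, so this sketch assumes the real binaries are still executable by the invoking user during the logging phase.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(basename);
use Sys::Syslog qw(openlog syslog closelog);

my $REAL_DIR = '/usr/local/wtools';                 # relocated binaries, as in the reply
my %ALLOWED  = map { $_ => 1 } qw(lynx curl wget);  # symlink names we answer to (assumed list)

# Write one audit record; the fixed '%s' keeps user text out of the format string.
sub audit {
    my ($priority, $message) = @_;
    openlog('wtools-wrapper', 'pid', 'auth');       # ident is a made-up name
    syslog($priority, '%s', $message);
    closelog();
}

# Log the reason, tell the caller nothing useful, and stop.
sub refuse {
    my ($why) = @_;
    audit('warning', $why);
    print STDERR "cannot execute\n";
    exit 126;
}

# Replace control and non-ASCII bytes so an argument cannot forge extra log lines.
sub printable {
    my ($text) = @_;
    $text =~ s/[^\x20-\x7e]/?/g;
    return length($text) > 200 ? substr($text, 0, 200) . '...' : $text;
}

my $tool = basename($0);                            # the name we were invoked as
my $user = getpwuid($<) // ('uid=' . $<);           # real uid, not effective
my $who  = "user=$user tool=" . printable($tool);

refuse("$who refused: not a wrapped tool") unless $ALLOWED{$tool};

my $real = "$REAL_DIR/$tool";
refuse("$who refused: $real missing or not executable") unless -f $real && -x _;

audit('info', "$who args=" . join(' ', map { '[' . printable($_) . ']' } @ARGV));

# List-form exec with an explicit program path: no shell is involved and
# argv[0] stays the tool name, so the real binary behaves as usual.
exec { $real } $tool, @ARGV
    or refuse("$who exec of $real failed: $!");
```

Because the tool name is checked against a fixed allow-list before it is joined to the directory, a symlink with an unexpected name or a path component cannot steer the exec outside /usr/local/wtools.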