Score:0

gnome-terminal/shell hardening security


How to protect gnome-terminal or any shell with a password and maybe something like recaptcha...

It could consult the shadowed password database or require the user to log in like a tty.

Maybe it can protect against reverse shell.

Thx

Raffa avatar
A shell/interpreter/script can run without a console or even a terminal emulator ... It can run under your graphical session environment ... So, locking the terminal might not be of benefit here ... You can if you want change your shell to a restricted shell e.g. [`rbash`](https://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html) ... But, the most important thing to do is to be careful and not run arbitrary code/scripts/programs that you don't trust.
Luiz Carlos avatar
@Raffa Is there any approach relative to mitigate shell/sudo "breaches" ?? maybe specific pam (pluggable authentication module), lsm, firejail or anything else ...
Raffa avatar
You need shells ... Shells are what enable you to interact with the kernel and they come in variety of shapes including your DE interface which is actually a shell called [`gnome-shell`](https://gitlab.gnome.org/GNOME/gnome-shell) ... User account login-shells are already securely authenticated under the user login authentication system ... Moreover, the concept of "reverse shell" is not actually exclusively a bad/evil thing but rather a common needed feature ... See for example [SSH reverse shells](https://moreillon.medium.com/ssh-reverse-shells-5094d9be2094) ... Your approach is not correct.
Score:0

You need shells to make use of your Ubuntu OS ... Shells are what enable you to interact with the kernel and they come in variety of shapes including your DE interface which is actually a shell called gnome-shell ... User account login-shells are already securely authenticated under the user login authentication system ... Moreover, the concept of "reverse shell" is not actually exclusively a bad/evil thing but rather a common needed feature that some applications implement ... See for example SSH reverse tunnels/shells.

Actually, your approach is not correct ... A shell/interpreter/script can run without a console or even a terminal emulator ... It can run under your graphical session environment ... So, locking the terminal might not be of benefit here ... You can if you want change your shell to a restricted shell e.g. rbash ... But, the most important thing to do is to be careful and not run arbitrary code/scripts/programs that you don't trust.

Luiz Carlos avatar
Is gnome-remote-desktop a shell? My idea is to try to avoid autorun, autoplay, bots, arbitrary code, even spread a malware, because shell has high availability and any user has rx permissions on the system over the programs (like sudo, chroot and setuid programs) as defined on PATH variable into /etc/environment. If I run a code with regular user in a shell communicating a server owned root, isn't a breach on the other side? Escalation privileges attempts could be possible in theory ...
Raffa avatar
@LuizCarlos I see what you mean but, AFAIK I don't see how it might be possible the way you describe ... Other users however might know something that I don't and in that case somebody will post an answer hopefully with a solution to achieve what you want ... I wouldn't be optimistic though :-)
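
An added example, not part of the original thread: a probe of what bash's restricted mode (`bash -r`, the mode `rbash` runs in) actually refuses, run with no terminal attached. The names `probe`, `report` and `CURATED_PATH` are illustrative, and the last two probes show why the Bash manual pairs the restricted shell with a PATH limited to a few verified commands.

```shell
#!/usr/bin/env bash
# Added example: check which actions a restricted bash refuses.

RBASH_BIN="$(command -v bash)"          # rbash is this same binary started restricted
CURATED_PATH="/nonexistent/rbash-bin"   # constructed stand-in for a PATH with no shells on it

# probe PATH_VALUE COMMAND -> prints "allowed" or "blocked"
# stdin, stdout and stderr are detached: no terminal emulator is involved.
probe() {
    if PATH="$1" "$RBASH_BIN" -r -c "$2" </dev/null >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
}

report() {
    # Restrictions enforced by the restricted shell itself
    printf '%-8s %s\n' "$(probe "$PATH" 'cd /')"               'change directory'
    printf '%-8s %s\n' "$(probe "$PATH" 'PATH=/tmp')"          'reassign PATH'
    printf '%-8s %s\n' "$(probe "$PATH" 'echo x > /dev/null')" 'redirect output'
    printf '%-8s %s\n' "$(probe "$PATH" '/bin/sh -c :')"       'command name containing a slash'
    # Ordinary builtins still work
    printf '%-8s %s\n' "$(probe "$PATH" 'echo ok')"            'run a builtin'
    # A program found through PATH is not restricted, so the PATH must be curated too
    printf '%-8s %s\n' "$(probe "$PATH" 'sh -c "cd /"')"         'cd via sh, normal PATH'
    printf '%-8s %s\n' "$(probe "$CURATED_PATH" 'sh -c "cd /"')" 'cd via sh, curated PATH'
}

report
```
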