Doug Stewart on 1 Oct 2010 15:55:18 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Blocking A Program From Running

  • From: Doug Stewart <zamoose@gmail.com>
  • To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Blocking A Program From Running
  • Date: Fri, 1 Oct 2010 18:55:38 -0400
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:references:from :content-type:x-mailer:in-reply-to:message-id:date:to :content-transfer-encoding:mime-version; bh=vW5DAkuG8PbBMyeQKNjF7WU1+EwXE2jikHOG35WaeIw=; b=l6IcbY65Yc4/aY2tdg/Rr7hxJPUj05SI3/U9MeVu9Qv8VSmLqGoS7SrHcL0yCwR+vJ Zv5tXkQDQ8wpaive5f92KTsqbd8Ak84oAFigNRPJNPMtfC/afNQn/6qulHP7EWnf3Uyk fjlmYAS0i1k3ZlSV790525O8ia+IaA92l6lPA=
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

I think pkill supports wildcarding...

--
Doug Stewart

On Oct 1, 2010, at 6:34 PM, Andrew Holden <ah@heliosltd.com> wrote:

> Thank you for all the responses. So cron it is.
> 
> I thought there would be a way to prevent any process matching certain
> terms from running or launching at all (it seems that's what SELinux
> can do).
> 
> I have to look into SELinux if this escalates. This is a learning
> experience for both of us, too - if he circumvents the cron killall
> then I'll have to try something else and it's low enough stakes that
> we can both get smarter....this is a family member (someone who should
> be using the computer for school work, not using Blender excessively.
> Frankly Blender is fantastic and I have nothing against it but other
> stuff has to get done sometimes too).
> 
> So that's why the HR/administrative/disciplinary option won't work in
> this case too.
> 
> As a follow-up how do I do a wildcard in killall?
> 
> The blender binary is blender-bin. killall blender-bin works but I
> have tried killall blend* without success, and I have tried killall
> blend*.* too. I would prefer to make it more general and it's all part
> of the getting smarter thing too. Any thoughts?
> 
> Thanks again,
> 
> -Andrew
> 
> On Fri, Oct 1, 2010 at 4:22 PM, Claude M. Schrader
> <plug@claudeschrader.com> wrote:
>> On 16:12 Fri 01 Oct     , Matt Mossholder wrote:
>>>    On Fri, Oct 1, 2010 at 4:06 PM, Claude M. Schrader
>>>    <[1]plug@claudeschrader.com> wrote:
>>> 
>>>      I'm not sure theres any way really to prevent it from running, without
>>>      getting into the murky depths of SELinux, but the killall command in
>>>      cron
>>>      would be easy, and affective
>>>      Claude
>>> 
>>> 
>>>    Even that is easy to get around by renaming the program.  Unless you are
>>>    willing to go to some lengths to lock down the user's home directory (e.g.
>>>    no executables in the home dir or temp directories, etc.) plus a boat load
>>>    of other stuff.
>>>    It would probably be a LOT easier and more effective to deal with it as an
>>>    HR or related issue.
>>>         --Matt
>> 
>> 
>> you could always break /home off into its own LVM chunk and mount it and
>> /tmp as noexec. You would need to lock down thumb drives too, but they may
>> eventually run out of places to run it from if permssions on other
>> directories are locked down.
>> 
>> But yeah, by far the best way to deal with this is administratively.
>> Claude
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group         --        http://www.phillylinux.org
>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug