Information Security
operating-systems access-control linux remote-desktop
Updated Wed, 20 Jul 2022 11:45:14 GMT

Given SSH access, what should I do to protect a server and monitor (dangerous) user actions?


  • Small business, mostly a software house for web applications but also some desktop software.
  • Many external collaborators, so a variety of outside users with access to the servers.
  • Single physical server, with Linux and Xen as a virtualization solution - each VM has specific uses and controlled access. External users can access two of them
  • The (virtual) servers provide a variety of services: LAMP stack, email, DNS, etc. This question pertains to my concerns with local user access
  • Users can SSH into two of the VMs


  • Give users access to common development tools, both for web (PHP, Ruby on Rails, etc) and standalone applications (gcc, g++, etc); this includes not only compilers and the like but also editors. Right now, they have full shell access.
  • Users must be able to use source control on the server: svn and git
  • Some have access to MySQL databases


What steps should I take in order to:

  1. Provide a full shell to the users if possible, or equivalent solution that meets the requirements above in a safe manner
  2. Automate monitoring of dangerous activities where possible (as in sudo/su notifications)
  3. Minimize effects if a user gets his hands on a 0day privilege escalation exploit before someone patches it on the server - is this even possible?


If users must have SSH to your server, a useful tool to protect your server root is chroot - this will let you give them the apparent functionality of server root, without actually giving them the crown jewels.

Alternatively, as you use virtual machines anyway, why not provide them with virtual server instances?

Both of these will allow you to run monitoring tools (such as tripwire) in order to check for changes to files. Logging should be done outside the users' environment.

With entries in /etc/sudoers you can limit what activities users are allowed to carry out under su.

Comments (1)

  • +0 – I wasn't aware that sshd was chrootable, never seen it setup like that nor ever did it that way. Thanks, +1 if I could :). I have tripwire on the critical system files and sudoers only allows the system administrators. — Jan 12, 2011 at 21:44  

External Links

External links referenced by this document: