Monday, 7 April 2014

Service hiding/protection

This is a bit of operational security, but it took me a lot longer than I would have liked to do, and no one had an example like the below. This command will use the open source Access control list command line utility SetACL to lockdown a service so that the user specified can't stop or start it, on testing it is even better than that the service dissapears from the services manager.

setacl.exe -ot srv -on "Service Name" -ace "n:domain\username;p:start_stop;m:deny" -actn ace





This is obviously a really good idea if you have admins of a box that you don't want to be able to stop a key service, it could also allow you to stop a malicious user from seeing a specific service, depending on the malicious users method of getting onto your server.

No comments: