LinuxQuestions.org
Old 06-15-2011, 01:52 AM   #1
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Rep: Reputation: 36
Help required in disabling commands.


I want to disable the following commands in my Linux distribution (thanks to the Linux hardening guide).

Code:
# which rcp
/usr/kerberos/bin/rcp
# which rlogin
/usr/kerberos/bin/rlogin
# which rsh
/usr/kerberos/bin/rsh
When checked they were all part of krb5-workstation-1.6.1-25.el5 rpm.
Code:
# rpm -qf `which rcp`
krb5-workstation-1.6.1-25.el5
# rpm -qf `which rlogin`
krb5-workstation-1.6.1-25.el5
# rpm -qf `which rsh`
krb5-workstation-1.6.1-25.el5
As krb5-workstation-1.6.1-25.el5 has more than 100 commands associated with it, it wouldn't be possible to remove the package itself.

Code:
# rpm -qlp krb5-workstation-1.6.1-31.el5_3.3.i386.rpm
warning: krb5-workstation-1.6.1-31.el5_3.3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
/etc/pam.d/ekshell
/etc/pam.d/gssftp
/etc/pam.d/kshell
/etc/profile.d/krb5-workstation.csh
/etc/profile.d/krb5-workstation.sh
/etc/rc.d/init.d/krb524
/etc/sysconfig/krb524
/etc/xinetd.d/eklogin
/etc/xinetd.d/ekrb5-telnet
/etc/xinetd.d/gssftp
/etc/xinetd.d/klogin
/etc/xinetd.d/krb5-telnet
/etc/xinetd.d/kshell
/usr/kerberos
/usr/kerberos/bin
/usr/kerberos/bin/ftp
/usr/kerberos/bin/gss-client
/usr/kerberos/bin/kdestroy
/usr/kerberos/bin/kinit
/usr/kerberos/bin/klist
/usr/kerberos/bin/kpasswd
/usr/kerberos/bin/krb524init
/usr/kerberos/bin/krlogin
/usr/kerberos/bin/krsh
/usr/kerberos/bin/ksu
/usr/kerberos/bin/kvno
/usr/kerberos/bin/rcp
/usr/kerberos/bin/rlogin
/usr/kerberos/bin/rsh
/usr/kerberos/bin/sim_client
/usr/kerberos/bin/telnet
/usr/kerberos/bin/uuclient
/usr/kerberos/bin/v4rcp
/usr/kerberos/man
/usr/kerberos/man/man1
/usr/kerberos/man/man1/ftp.1.gz
/usr/kerberos/man/man1/kdestroy.1.gz
/usr/kerberos/man/man1/kinit.1.gz
/usr/kerberos/man/man1/klist.1.gz
/usr/kerberos/man/man1/kpasswd.1.gz
/usr/kerberos/man/man1/krb5-send-pr.1.gz
/usr/kerberos/man/man1/krb524init.1.gz
/usr/kerberos/man/man1/ksu.1.gz
/usr/kerberos/man/man1/kvno.1.gz
/usr/kerberos/man/man1/rcp.1.gz
/usr/kerberos/man/man1/rlogin.1.gz
/usr/kerberos/man/man1/rsh.1.gz
/usr/kerberos/man/man1/telnet.1.gz
/usr/kerberos/man/man1/v4rcp.1.gz
/usr/kerberos/man/man8
/usr/kerberos/man/man8/ftpd.8.gz
/usr/kerberos/man/man8/k5srvutil.8.gz
/usr/kerberos/man/man8/kadmin.8.gz
/usr/kerberos/man/man8/klogind.8.gz
/usr/kerberos/man/man8/krb524d.8.gz
/usr/kerberos/man/man8/kshd.8.gz
/usr/kerberos/man/man8/ktutil.8.gz
/usr/kerberos/man/man8/login.krb5.8.gz
/usr/kerberos/man/man8/telnetd.8.gz
/usr/kerberos/sbin
/usr/kerberos/sbin/ftpd
/usr/kerberos/sbin/gss-server
/usr/kerberos/sbin/k5srvutil
/usr/kerberos/sbin/kadmin
/usr/kerberos/sbin/klogind
/usr/kerberos/sbin/krb5-send-pr
/usr/kerberos/sbin/krb524d
/usr/kerberos/sbin/kshd
/usr/kerberos/sbin/ktutil
/usr/kerberos/sbin/login.krb5
/usr/kerberos/sbin/sim_server
/usr/kerberos/sbin/telnetd
/usr/kerberos/sbin/uuserver
/usr/share/doc/krb5-workstation-1.6.1
/usr/share/doc/krb5-workstation-1.6.1/convert-config-files
/usr/share/doc/krb5-workstation-1.6.1/kdestroy.html
/usr/share/doc/krb5-workstation-1.6.1/kinit.html
/usr/share/doc/krb5-workstation-1.6.1/klist.html
/usr/share/doc/krb5-workstation-1.6.1/kpasswd.html
/usr/share/doc/krb5-workstation-1.6.1/ksu.html
/usr/share/doc/krb5-workstation-1.6.1/services.append
/usr/share/doc/krb5-workstation-1.6.1/user-guide.ps.gz
/usr/share/info/krb5-user.info.gz

What else can be done to disable these commands?
 
Old 06-15-2011, 02:07 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328
That's odd, not to mention annoying ... Anyway,

1. you can set the ownerships to root:root and remove ALL perms.

2. Another option is to just manually delete just those binaries; should work I believe.


3. rename them (you should try this before trying option 2; just in case you have to put them back ...)
 
Old 06-15-2011, 02:30 AM   #3
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by chrism01 View Post
That's odd, not to mention annoying ... Anyway,

1. you can set the ownerships to root:root and remove ALL perms.

2. Another option is to just manually delete just those binaries; should work I believe.


3. rename them (you should try this before trying option 2; just in case you have to put them back ...)
One more twist that I found.
It shows that rcp, rlogin and rsh are also part of the rpm below.

Confused about what to do?


I would be glad to know why two rpms list the commands.
The only difference is that the first one lists the commands under /usr/kerberos and the latter under /usr/bin

Code:
# rpm -ql rsh-0.17-38.el5
/usr/bin/rcp
/usr/bin/rexec
/usr/bin/rlogin
/usr/bin/rsh
/usr/share/man/man1/rcp.1.gz
/usr/share/man/man1/rexec.1.gz
/usr/share/man/man1/rlogin.1.gz
/usr/share/man/man1/rsh.1.gz
Is removing an rpm not an option?
 
Old 06-15-2011, 05:18 AM   #4
honeybadger
Member
 
Registered: Aug 2007
Location: India
Distribution: Slackware (mainly) and then a lot of others...
Posts: 855

Rep: Reputation: Disabled
Removing rpm or yum would be a disaster. The next thing (unless you really know what you are doing) would be a reinstall.
Try to rename the binaries, or else if you have a GUI to enable/disable services you can get it done from there. Or else put a custom script in rc.local that would say 'service rcp stop'. Haven't used RH or its derivatives - man, they are tough to handle.
Hope this helps.
 
Old 06-15-2011, 05:27 AM   #5
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by SilverBack View Post
Removing rpm or yum would be a disaster. The next thing (unless you really know what you are doing) would be a reinstall.
Try to rename the binaries, or else if you have a GUI to enable/disable services you can get it done from there. Or else put a custom script in rc.local that would say 'service rcp stop'. Haven't used RH or its derivatives - man, they are tough to handle.
Hope this helps.
Let me be clear here. They are not services; they are commands.
 
Old 06-15-2011, 08:54 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328
The point is, you've got 2 rpms that contain (2 separate copies of) those program files (& in the case of kerberos, more stuff as well).

0. Take a good backup! (preferably 2)
1. do you really need the kerberos installation? if not you should be able to yum remove it
2. the other one is the std rsh etc rpm and you should be able to yum remove it (I believe)

Stick to yum cmds in order to handle dependencies if any. If this is a prod system, try any changes on a backup system first.
https://access.redhat.com/kb/docs/DOC-2531
 
1 members found this post helpful.
Old 06-16-2011, 01:13 AM   #7
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by chrism01 View Post
The point is, you've got 2 rpms that contain (2 separate copies of) those program files (& in the case of kerberos, more stuff as well).

0. Take a good backup! (preferably 2)
1. do you really need the kerberos installation? if not you should be able to yum remove it
2. the other one is the std rsh etc rpm and you should be able to yum remove it (I believe)

Stick to yum cmds in order to handle dependencies if any. If this is a prod system, try any changes on a backup system first.
https://access.redhat.com/kb/docs/DOC-2531
What is this Kerberos thing (noob here)? Will removing Kerberos have any impact?
As you can see, it points to rsh in kerberos and not the /usr/bin/rsh installed by the previous package.
If I remove Kerberos, will it point to /usr/bin/rsh or do I need to manually link it?
What command should I issue to remove Kerberos using yum?
Code:
# yum remove kerberos
Loading "security" plugin
Setting up Remove Process
No Match for argument: kerberos
No Packages marked for removal
Code:
# which rsh
/usr/kerberos/bin/rsh
Not sure about this.
Code:
yum remove krb*
Transaction Summary
=============================================================================
Install      0 Package(s)
Update       0 Package(s)
Remove     597 Package(s)

Is this ok [y/N]: n

Last edited by pinga123; 06-16-2011 at 01:15 AM.
 
Old 06-16-2011, 06:37 AM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328
Consider
Code:
 rpm -qa|grep krb

krb5-libs-1.6.1-55.el5_6.1
pam_krb5-2.2.14-18.el5
krb5-workstation-1.6.1-55.el5_6.1
krb5-auth-dialog-0.7-1
All the kerberos stuff contains the 'krb' (actually krb5) string.
See the cmds in that link I gave.
Only you know if you're using kerberos or not, or ask if this is a work system.
As I said, if you're worried, just disable them as per my suggestions above; even just moving them to another dir not in anyone's $PATH would do, so long as they can't see it.
Try that for a while and see if it matters.
If not, you would prob 'yum remove krb5-workstation' to get rid.

Code:
 ll /usr/bin/rcp

-rwsr-xr-x 1 root root 18608 Sep 22  2009 /usr/bin/rcp
[chris@boole ~]$ yum provides /usr/bin/rcp
Loaded plugins: fastestmirror
rsh-0.17-40.el5.i386 : Clients for remote access commands (rsh, rlogin, rcp).
so you'd yum remove rsh to get rid of those (non-krb) versions

Code:
yum provides /usr/kerberos/bin/rcp
Loaded plugins: fastestmirror
krb5-workstation-1.6.1-55.el5.i386 : Kerberos 5 programs for use on
....
Basically, use 'yum provides /dir/path/to/cmd' to check which pkg provides a given exe (or any file actually). Note the use of the absolute filepath for best results.

HTH
 
1 members found this post helpful.
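The sticking point in this thread is that two copies of each command sit on $PATH, so disabling only /usr/kerberos/bin/rsh leaves /usr/bin/rsh to take over. The sketch below is an added example, not code from any poster: it applies the "remove ALL perms" option from post #2 to every copy on a path list and records the old modes so the change can be rolled back. The function names and the manifest file are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: names and manifest format are assumptions, not from the thread.
# Requires GNU stat (as on RHEL/CentOS).

# Print every copy of rcp/rlogin/rsh found in a colon-separated path list,
# in lookup order. Runs in a subshell so IFS and noglob do not leak out.
find_rcmds() (
    set -f; IFS=:
    for dir in $1; do
        [ -n "$dir" ] || continue
        for cmd in rcp rlogin rsh; do
            if [ -f "$dir/$cmd" ]; then printf '%s\n' "$dir/$cmd"; fi
        done
    done
)

# Save "mode path" for each copy to a manifest, then remove all permissions.
# This also clears the setuid bit that /usr/bin/rcp carries (-rwsr-xr-x).
# Copies already at mode 0 are skipped, so a second run is harmless.
disable_rcmds() (
    find_rcmds "$1" | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f") || exit 1
        if [ "$mode" = 0 ]; then continue; fi
        printf '%s %s\n' "$mode" "$f" >> "$2"
        if [ "$(id -u)" -eq 0 ]; then chown root:root "$f"; fi
        chmod 000 "$f"
    done
)

# Print copies that still carry any execute or setuid/setgid bit.
active_rcmds() (
    find_rcmds "$1" | while IFS= read -r f; do
        case $(stat -c '%A' "$f") in
            *[xsS]*) printf '%s\n' "$f" ;;
        esac
    done
)

# Put back the modes recorded in the manifest.
restore_rcmds() (
    while read -r mode f; do
        chmod "$mode" "$f"
    done < "$1"
)

# Usage (as root): disable_rcmds "$PATH" /root/rcmds.manifest
#                  active_rcmds "$PATH"    # expect no output
```

A later package update can reinstall the files with their original modes, so `active_rcmds` is worth re-running after updates.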
Old 06-16-2011, 07:22 AM   #9
ssrameez
Member
 
Registered: Oct 2006
Location: bangalore
Distribution: Fedora, Ubuntu, Debian, Redhat
Posts: 82

Rep: Reputation: 6
Sorry, I have not understood your problem correctly.

1) Why don't you remove the commands alone or rename them in their locations (rm or mv accordingly)?
2) Once that is done you can create a boot image from that to install to multiple other systems if you want.

--Rameez
 
  

