LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-08-2005, 03:41 PM   #1
ridertech
Member
 
Registered: Dec 2003
Location: Seattle, Washington
Distribution: Debian 'Sarge'
Posts: 85

Rep: Reputation: 15
Securing uname command?


Is it a good idea to "secure" the uname command? I'd prefer not to give out my OS, hostname, kernel version, architecture, etc...

Can I secure it by simply running the following command?
mv /bin/uname /sbin/uname

Thanks.
 
Old 02-08-2005, 03:46 PM   #2
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Rep: Reputation: 30
You can't secure a file by doing that justb ecause it's not in there search path doesn't mean they can't type out the whole path to execute it. You can "chmod 750 /bin/uname" but it seems that most everything wants to execute uname so you might break some apps that rely on this.
 
Old 02-08-2005, 03:47 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Give it out to who? Is that a kiosk system or something?
How many people, other than yourself, have shell access?


Cheers,
Tink
 
Old 02-08-2005, 05:16 PM   #4
ridertech
Member
 
Registered: Dec 2003
Location: Seattle, Washington
Distribution: Debian 'Sarge'
Posts: 85

Original Poster
Rep: Reputation: 15
Your right, it is probably not a good idea since other apps rely on this. My host runs Apache, MySQL and SSH services... I thought it may help to prevent someone from gaining (advertised) knowledge of the kernel version and using specific vulnerabilities.

Although the uname command should only be visible within a shell, there are leaks from various web services (phpinfo(), phpmyadmin, mambo, etc).

No worries - it seems like this is security through obscurity anyways. I'll stick to iptables.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Uname ? phr3nzal Linux - Software 4 10-07-2005 09:52 AM
uname huntz Slackware 3 09-30-2004 07:53 AM
uname -a BRAHmS Linux - Newbie 1 05-11-2004 10:45 PM
uname -r 2.6.4 /bin/bash General 25 03-16-2004 08:14 AM
uname -s jpbarto Linux - General 2 07-31-2003 01:24 PM


All times are GMT -5. The time now is 06:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration