LinuxQuestions.org


pinga123 06-15-2011 12:52 AM

Help required in disabling commands.
 
I want to disable the following commands in my Linux distribution (thanks to the Linux hardening guide).

Code:

# which rcp
/usr/kerberos/bin/rcp
# which rlogin
/usr/kerberos/bin/rlogin
# which rsh
/usr/kerberos/bin/rsh

When checked, they were all part of the krb5-workstation-1.6.1-25.el5 rpm.

Code:

# rpm -qf `which rcp`
krb5-workstation-1.6.1-25.el5
# rpm -qf `which rlogin`
krb5-workstation-1.6.1-25.el5
# rpm -qf `which rsh`
krb5-workstation-1.6.1-25.el5

As krb5-workstation-1.6.1-25.el5 has more than 100 commands associated with it, it wouldn't be possible to remove the package itself.

Code:

# rpm -qlp krb5-workstation-1.6.1-31.el5_3.3.i386.rpm
warning: krb5-workstation-1.6.1-31.el5_3.3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
/etc/pam.d/ekshell
/etc/pam.d/gssftp
/etc/pam.d/kshell
/etc/profile.d/krb5-workstation.csh
/etc/profile.d/krb5-workstation.sh
/etc/rc.d/init.d/krb524
/etc/sysconfig/krb524
/etc/xinetd.d/eklogin
/etc/xinetd.d/ekrb5-telnet
/etc/xinetd.d/gssftp
/etc/xinetd.d/klogin
/etc/xinetd.d/krb5-telnet
/etc/xinetd.d/kshell
/usr/kerberos
/usr/kerberos/bin
/usr/kerberos/bin/ftp
/usr/kerberos/bin/gss-client
/usr/kerberos/bin/kdestroy
/usr/kerberos/bin/kinit
/usr/kerberos/bin/klist
/usr/kerberos/bin/kpasswd
/usr/kerberos/bin/krb524init
/usr/kerberos/bin/krlogin
/usr/kerberos/bin/krsh
/usr/kerberos/bin/ksu
/usr/kerberos/bin/kvno
/usr/kerberos/bin/rcp
/usr/kerberos/bin/rlogin
/usr/kerberos/bin/rsh
/usr/kerberos/bin/sim_client
/usr/kerberos/bin/telnet
/usr/kerberos/bin/uuclient
/usr/kerberos/bin/v4rcp
/usr/kerberos/man
/usr/kerberos/man/man1
/usr/kerberos/man/man1/ftp.1.gz
/usr/kerberos/man/man1/kdestroy.1.gz
/usr/kerberos/man/man1/kinit.1.gz
/usr/kerberos/man/man1/klist.1.gz
/usr/kerberos/man/man1/kpasswd.1.gz
/usr/kerberos/man/man1/krb5-send-pr.1.gz
/usr/kerberos/man/man1/krb524init.1.gz
/usr/kerberos/man/man1/ksu.1.gz
/usr/kerberos/man/man1/kvno.1.gz
/usr/kerberos/man/man1/rcp.1.gz
/usr/kerberos/man/man1/rlogin.1.gz
/usr/kerberos/man/man1/rsh.1.gz
/usr/kerberos/man/man1/telnet.1.gz
/usr/kerberos/man/man1/v4rcp.1.gz
/usr/kerberos/man/man8
/usr/kerberos/man/man8/ftpd.8.gz
/usr/kerberos/man/man8/k5srvutil.8.gz
/usr/kerberos/man/man8/kadmin.8.gz
/usr/kerberos/man/man8/klogind.8.gz
/usr/kerberos/man/man8/krb524d.8.gz
/usr/kerberos/man/man8/kshd.8.gz
/usr/kerberos/man/man8/ktutil.8.gz
/usr/kerberos/man/man8/login.krb5.8.gz
/usr/kerberos/man/man8/telnetd.8.gz
/usr/kerberos/sbin
/usr/kerberos/sbin/ftpd
/usr/kerberos/sbin/gss-server
/usr/kerberos/sbin/k5srvutil
/usr/kerberos/sbin/kadmin
/usr/kerberos/sbin/klogind
/usr/kerberos/sbin/krb5-send-pr
/usr/kerberos/sbin/krb524d
/usr/kerberos/sbin/kshd
/usr/kerberos/sbin/ktutil
/usr/kerberos/sbin/login.krb5
/usr/kerberos/sbin/sim_server
/usr/kerberos/sbin/telnetd
/usr/kerberos/sbin/uuserver
/usr/share/doc/krb5-workstation-1.6.1
/usr/share/doc/krb5-workstation-1.6.1/convert-config-files
/usr/share/doc/krb5-workstation-1.6.1/kdestroy.html
/usr/share/doc/krb5-workstation-1.6.1/kinit.html
/usr/share/doc/krb5-workstation-1.6.1/klist.html
/usr/share/doc/krb5-workstation-1.6.1/kpasswd.html
/usr/share/doc/krb5-workstation-1.6.1/ksu.html
/usr/share/doc/krb5-workstation-1.6.1/services.append
/usr/share/doc/krb5-workstation-1.6.1/user-guide.ps.gz
/usr/share/info/krb5-user.info.gz


What else can be done to disable these commands?

chrism01 06-15-2011 01:07 AM

That's odd, not to mention annoying ... Anyway,

1. you can set the ownerships to root:root and remove ALL perms.

2. Another option is to just manually delete just those binaries; should work I believe.


3. rename them (you should try this before trying option 2; just in case you have to put them back ...)

pinga123 06-15-2011 01:30 AM

Quote:

Originally Posted by chrism01 (Post 4386026)
That's odd, not to mention annoying ... Anyway,

1. you can set the ownerships to root:root and remove ALL perms.

2. Another option is to just manually delete just those binaries; should work I believe.


3. rename them (you should try this before trying option 2; just in case you have to put them back ...)

One more twist that I found:
it shows that rcp, rlogin and rsh are also part of the rpm below.

Confused what to do?


I would be glad to know why two rpms list the commands.
The only difference is that the first one lists the commands under /usr/kerberos and the latter in /usr/bin.

Code:

# rpm -ql rsh-0.17-38.el5
/usr/bin/rcp
/usr/bin/rexec
/usr/bin/rlogin
/usr/bin/rsh
/usr/share/man/man1/rcp.1.gz
/usr/share/man/man1/rexec.1.gz
/usr/share/man/man1/rlogin.1.gz
/usr/share/man/man1/rsh.1.gz

Is removing an rpm not an option?

honeybadger 06-15-2011 04:18 AM

Removing rpm or yum would be a disaster. The next thing (unless you really know what you are doing) would be a reinstall.
Try to rename the binaries, else if you have a GUI to enable/disable services you can get it done from there. Else put a custom script in rc.local that would say 'service rcp stop'. Haven't used RH or its derivatives - man, they are tough to handle.
Hope this helps.

pinga123 06-15-2011 04:27 AM

Quote:

Originally Posted by SilverBack (Post 4386162)
Removing rpm or yum would be a disaster. The next thing (unless you really know what you are doing) would be a reinstall.
Try to rename the binaries, else if you have a GUI to enable/disable services you can get it done from there. Else put a custom script in rc.local that would say 'service rcp stop'. Haven't used RH or its derivatives - man, they are tough to handle.
Hope this helps.

Let me be clear here. They are not services; they are commands.

chrism01 06-15-2011 07:54 PM

The point is, you've got 2 rpms that contain (2 separate copies of) those program files (& in the case of kerberos, more stuff as well).

0. Take a good backup! (preferably 2)
1. do you really need the kerberos installation? if not you should be able to yum remove it
2. the other one is the std rsh etc rpm and you should be able to yum remove it (I believe)

Stick to yum cmds in order to handle dependencies if any. If this is a prod system, try any changes on a backup system first.
https://access.redhat.com/kb/docs/DOC-2531

pinga123 06-16-2011 12:13 AM

Quote:

Originally Posted by chrism01 (Post 4387054)
The point is, you've got 2 rpms that contain (2 separate copies of) those program files (& in the case of kerberos, more stuff as well).

0. Take a good backup! (preferably 2)
1. do you really need the kerberos installation? if not you should be able to yum remove it
2. the other one is the std rsh etc rpm and you should be able to yum remove it (I believe)

Stick to yum cmds in order to handle dependencies if any. If this is a prod system, try any changes on a backup system first.
https://access.redhat.com/kb/docs/DOC-2531

What is this kerberos thing (noob here)? Will removing kerberos have any impact?
As you can see, it points to rsh in kerberos and not the /usr/bin/rsh installed by the previous package.
If I remove kerberos, will it point to /usr/bin/rsh, or do I need to manually link it?
What command should I issue to remove kerberos using yum?

Code:

# yum remove kerberos
Loading "security" plugin
Setting up Remove Process
No Match for argument: kerberos
No Packages marked for removal

Code:

# which rsh
/usr/kerberos/bin/rsh

Not sure about this.

Code:

yum remove krb*
Transaction Summary
=============================================================================
Install      0 Package(s)
Update      0 Package(s)
Remove    597 Package(s)

Is this ok [y/N]: n


chrism01 06-16-2011 05:37 AM

Consider
Code:

rpm -qa|grep krb

krb5-libs-1.6.1-55.el5_6.1
pam_krb5-2.2.14-18.el5
krb5-workstation-1.6.1-55.el5_6.1
krb5-auth-dialog-0.7-1

All the kerberos stuff contains the 'krb' (actually krb5) string.
See the cmds in that link I gave.
Only you know if you're using kerberos or not, or ask if this is a work system.
As I said, if you're worried, just disable them as per my suggestions above; even just moving them to another dir not in anyone's $PATH would do, so long as they can't see it.
Try that for a while and see if it matters.
If not, you would prob 'yum remove krb5-workstation' to get rid.

Code:

ll /usr/bin/rcp

-rwsr-xr-x 1 root root 18608 Sep 22  2009 /usr/bin/rcp
[chris@boole ~]$ yum provides /usr/bin/rcp
Loaded plugins: fastestmirror
rsh-0.17-40.el5.i386 : Clients for remote access commands (rsh, rlogin, rcp).

so you'd yum remove rsh to get rid of those (non-krb) versions

Code:

yum provides /usr/kerberos/bin/rcp
Loaded plugins: fastestmirror
krb5-workstation-1.6.1-55.el5.i386 : Kerberos 5 programs for use on
....

Basically, use 'yum provides /dir/path/to/cmd' to check which pkg provides a given exe (or any file actually). Note the use of the absolute filepath for best results.

HTH
:)
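
The "root:root, remove ALL perms" option from this thread, applied to both copies of the commands and made reversible, as an added example that is not part of any post. The directory list follows the paths shown above; the state-file path is an assumption.

```shell
#!/bin/bash
# Added example, not from the thread: reversibly disable every copy of the
# r-commands. DIRS and STATE are assumptions; adjust them for the system.
R_CMDS="rcp rlogin rsh"
DIRS="/usr/kerberos/bin /usr/bin"   # both locations shown in the thread
STATE="/root/rcmds.state"           # hypothetical file for the saved modes

# Print every copy found in the given directories. `which` stops at the
# first $PATH hit, so on its own it never shows the second copy.
find_copies() {
    local dir cmd
    for dir in "$@"; do
        for cmd in $R_CMDS; do
            if [ -f "$dir/$cmd" ]; then printf '%s\n' "$dir/$cmd"; fi
        done
    done
}

# Record "mode uid:gid path", then strip all permissions. This also clears
# a setuid bit such as the -rwsr-xr-x shown on /usr/bin/rcp. Files already
# at mode 000 are skipped so a second run cannot overwrite the saved mode.
disable_copy() {
    if [ "$(stat -c %a "$1")" -eq 0 ]; then return 0; fi
    stat -c '%a %u:%g %n' "$1" >> "$2"
    if [ "$(id -u)" -eq 0 ]; then chown root:root "$1"; fi
    chmod 000 "$1"
}

# Put back the recorded mode and owner for every entry in the state file.
restore_copies() {
    local mode owner path
    while read -r mode owner path; do
        if [ "$(id -u)" -eq 0 ]; then chown "$owner" "$path"; fi
        chmod "$mode" "$path"
    done < "$1"
}

# Run as root with "disable" or "restore"; with no argument nothing changes.
# A package update can reinstall these files with their packaged modes, so
# run "disable" again after updating krb5-workstation or rsh.
case "${1:-}" in
    disable) find_copies $DIRS | while read -r f; do disable_copy "$f" "$STATE"; done ;;
    restore) restore_copies "$STATE" ;;
esac
```
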

ssrameez 06-16-2011 06:22 AM

Sorry, I have not understood your problem correctly.

1) Why don't you remove the commands alone or rename them in their locations (rm or mv accordingly)?
2) Once that is done you can create a boot image from that to install to multiple other systems if you want.

--Rameez


All times are GMT -5.