From above methods i have noted down some methods of removing the command but i m yet confused which method should i follow.
As i m using it for my blog i have written it considering my blog in mind please help me evaluating the best one considering it wont affect other functionality.
It is highly recommended to remove following command on production server .
There are several ways of not using the command choose one that is suitable for your need.
Method 1:
Just try to find the rpm for the above command.
This can be done using.
From the output you can assume that by uninstalling the rpm you can achieve the removal of those command from production server.
Method 2:
Change the file permisisons:
(First check the location of command using which command name.Below examples are given considering the commands are located under /usr/bin/rcp This could be different for different Linux Distributions.)
(First check the location of command using which command name.Below examples are given considering the commands are located under /usr/bin/rcp This could be different for different Linux Distributions.)
With the chmod you should remove execute permission for everyone:
Code:
chmod a-x /usr/bin/{rcp,rsh,rlogin}
I think all of your options are valid "fixes" to your problem (except method 4 that doesnt work - that simply tells you what packages the binaries are part of). I also think it always pays to think intuitively about what other admins may do. Personally, as the rpm only contains rsh, rcp & rlogin, I would chose to uninstall the package. Admins will often use rpm to validate the install of packages, so if you choose to chmod the binaries this would be flagged in the verification, and someone may unwittingly re-chmod them back to their original values.
Another very valid way of limiting the commands is to simply add them to the firewall definition, and in that way you will not affect the installation of the commands, but would stop them working.
With the chmod you should remove execute permission for everyone:
Code:
chmod a-x /usr/bin/{rcp,rsh,rlogin}
I think all of your options are valid "fixes" to your problem (except method 4 that doesnt work - that simply tells you what packages the binaries are part of).
Edited the content .
Quote:
I also think it always pays to think intuitively about what other admins may do. Personally, as the rpm only contains rsh, rcp & rlogin, I would chose to uninstall the package. Admins will often use rpm to validate the install of packages, so if you choose to chmod the binaries this would be flagged in the verification, and someone may unwittingly re-chmod them back to their original values.
Another very valid way of limiting the commands is to simply add them to the firewall definition, and in that way you will not affect the installation of the commands, but would stop them working.
Just my thoughts....
What if some other rpm has dependencies on this rpm .
For example the rpm contains the command for rsh,rcp,rlogin and rexec .Here rexec is command which i dont want to remove but rest 3.
If someother rpm is using rexec for their functioning ,removing rpm will result in disaster for rpm which is dependent on them.
Just a thought correct me if i m wrong.
---------- Post updated at 04:39 AM ---------- Previous update was at 04:38 AM ----------
Quote:
Originally Posted by pinga123
From above methods i have noted down some methods of removing the command but i m yet confused which method should i follow.
As i m using it for my blog i have written it considering my blog in mind please help me evaluating the best one considering it wont affect other functionality.
It is highly recommended to remove following command on production server .
There are several ways of not using the command choose one that is suitable for your need.
Method 1:
Just try to find the rpm for the above command.
This can be done using.
From the output you can assume that by uninstalling the rpm you can achieve the removal of those command from production server.
Method 2:
Change the file permisisons:
(First check the location of command using which command name.Below examples are given considering the commands are located under /usr/bin/rcp This could be different for different Linux Distributions.)
(First check the location of command using which command name.Below examples are given considering the commands are located under /usr/bin/rcp This could be different for different Linux Distributions.)
If other packages depend upon rsh/rcp/rlogin then RPM will tell you so when you try to uninstall it, so that is not really an issue.
In reality I don't think you should be trusting any software that depends upon rsh/rcp/rlogin as they are inherently insecure protocols, and packages should now be using protocols such as ssh/ssl to enable their communications functionality.
I do not know which operating system you are using and chances are that I'm not that well accustomed to whatever you use. But there are some general principles which pay off if adhered to:
1) Do not - never ever - remove binaries by deleting them, as was suggested by citaylor. If you have a package management (like the mentioned rpm) use ONLY that to get software packages you do not want to be used out of the system.
2) Every Unix has a standard set of commands and rsh (rlogin, rexec, ...) are such standard commands. You might not want them to be used without further ado, but deleting them is the wrong way to accomplish what you want. Remove ".rlogin"-files (and probably similar ones, like ".netrc") from user-homes (to make password-less access to systems impossible), deactivate the respective services in inetd.conf or employ similar methods.
3) Modifying the rights of executables is a possible way, but be aware, that you modify the system - like with removing the executables altogether. If you still want to go that way you might want to create an rpm-package which does the changes and only bring this to the system - the package should undo these changes upon deinstallation of course.
The bash below executes and does find all the .bam files in each R_2019 folder. However set -x shows that the .bam extension only gets removed from one .bam file in each folder (appears to be the last in each). Why is it not removing the extension from each (this is $SAMPLE)? Thank you :).
set... (4 Replies)
Discussion started by: cmccabe
4 Replies
2. Post Here to Contact Site Administrators and Moderators
In this thread: /shell-programming-and-scripting/255687-organizing-text-file-capital-names-capital-word-capital-word.html (sorry i cant use links)
that is not an example, those are real students names with real student login id's for the college i am attending and i am on that list. Please... (3 Replies)
Hi all,
I want to remove the remove bracket sign ( ) and put in the separate column I also want to remove the repeated entry like in first row in below input (PA156) is repeated
ESR1 (PA156) leflunomide (PA450192) (PA156) leflunomide (PA450192)
CHST3 (PA26503) docetaxel... (2 Replies)
Hi all,
I'm new in this forum.
I'm looking for the difference between the HACMP commands with the prefix "cl" and "cli".
The first type are under /usr/es/sbin/cluster/sbin directory and the second are under /usr/es/sbin/cluster/cspoc directory.
I know that the first are called HACMP for AIX... (0 Replies)
Hi Experts,
I actually need to remove multiple commas within the column not the entire row. Its comma delimited file
Actually the value seems to look like 1,006,000, when we open this in notepad or word pad the value look s like “1,006,000”
Actually our Sed command removes single comma and... (7 Replies)
Hi,
I have a log file having size of 48mb.
For such a large log file. I want to get the message in a particular format which includes only unique error and exception messages.
The following things to be done :
1) To remove all the date and time from the log file
2) To remove all the... (1 Reply)
I want to log into a remote server transfer over a new config and then backup the existing config, replace with the new config.
I am not sure if I can do this with BASH scripting.
I have set up password less login by adding my public key to authorized_keys file, it works.
I am a little... (1 Reply)
Hello all,
i've written a small piece of code that will read commands from standard input and executes the commands.
Its working fine and is execting the commands well. Accepting arguments too. e.g
#mkdir <name of the directory>
The problem is that its not letting me change the directory i.e... (4 Replies)
Hi..
When I execute a command, say for ex.. cp ../../* to ..../.../*
and then when I use escape K, enter... it shows the commands recently executed.
How can we remove that commands from buffer?
This is a sun-solaris 8 environment..
Thanks, ST2000 (3 Replies)
hi, i am on aix. i used smitty to remove a user..
but then found that its directory still exists....
so i have to remove the directory manually...
am i doing it the right way? (2 Replies)
10-05-2010
