Help required in disabling commands.

06-15-2011

Registered User

388, 3

Join Date: Sep 2009

Last Activity: 27 January 2014, 2:06 AM EST

Posts: 388

Thanks Given: 86

Thanked 3 Times in 3 Posts

Help required in disabling commands.

I want to disable following commands in my linux distribution (Thanks to Linux hardening guide)

Code:

# which rcp
/usr/kerberos/bin/rcp
# which rlogin
/usr/kerberos/bin/rlogin
# which rsh
/usr/kerberos/bin/rsh

When checked they were all part of krb5-workstation-1.6.1-25.el5 rpm.

Code:

# rpm -qf `which rcp`
krb5-workstation-1.6.1-25.el5
# rpm -qf `which rlogin`
krb5-workstation-1.6.1-25.el5
# rpm -qf `which rsh`
krb5-workstation-1.6.1-25.el5

As krb5-workstation-1.6.1-25.el5 has more than 100's of command associated with it,It wouldn't be a possible to remove the package itself.

Code:

# rpm -qlp krb5-workstation-1.6.1-31.el5_3.3.i386.rpm
warning: krb5-workstation-1.6.1-31.el5_3.3.i386.rpm: Header V3 DSA signature: NO
KEY, key ID 1e5e0159
/etc/pam.d/ekshell
/etc/pam.d/gssftp
/etc/pam.d/kshell
/etc/profile.d/krb5-workstation.csh
/etc/profile.d/krb5-workstation.sh
/etc/rc.d/init.d/krb524
/etc/sysconfig/krb524
/etc/xinetd.d/eklogin
/etc/xinetd.d/ekrb5-telnet
/etc/xinetd.d/gssftp
/etc/xinetd.d/klogin
/etc/xinetd.d/krb5-telnet
/etc/xinetd.d/kshell
/usr/kerberos
/usr/kerberos/bin
/usr/kerberos/bin/ftp
/usr/kerberos/bin/gss-client
/usr/kerberos/bin/kdestroy
/usr/kerberos/bin/kinit
/usr/kerberos/bin/klist
/usr/kerberos/bin/kpasswd
/usr/kerberos/bin/krb524init
/usr/kerberos/bin/krlogin
/usr/kerberos/bin/krsh
/usr/kerberos/bin/ksu
/usr/kerberos/bin/kvno
/usr/kerberos/bin/rcp
/usr/kerberos/bin/rlogin
/usr/kerberos/bin/rsh
/usr/kerberos/bin/sim_client
/usr/kerberos/bin/telnet
/usr/kerberos/bin/uuclient
/usr/kerberos/bin/v4rcp
/usr/kerberos/man
/usr/kerberos/man/man1
/usr/kerberos/man/man1/ftp.1.gz
/usr/kerberos/man/man1/kdestroy.1.gz
/usr/kerberos/man/man1/kinit.1.gz
/usr/kerberos/man/man1/klist.1.gz
/usr/kerberos/man/man1/kpasswd.1.gz
/usr/kerberos/man/man1/krb5-send-pr.1.gz
/usr/kerberos/man/man1/krb524init.1.gz
/usr/kerberos/man/man1/ksu.1.gz
/usr/kerberos/man/man1/kvno.1.gz
/usr/kerberos/man/man1/rcp.1.gz
/usr/kerberos/man/man1/rlogin.1.gz
/usr/kerberos/man/man1/rsh.1.gz
/usr/kerberos/man/man1/telnet.1.gz
/usr/kerberos/man/man1/v4rcp.1.gz
/usr/kerberos/man/man8
/usr/kerberos/man/man8/ftpd.8.gz
/usr/kerberos/man/man8/k5srvutil.8.gz
/usr/kerberos/man/man8/kadmin.8.gz
/usr/kerberos/man/man8/klogind.8.gz
/usr/kerberos/man/man8/krb524d.8.gz
/usr/kerberos/man/man8/kshd.8.gz
/usr/kerberos/man/man8/ktutil.8.gz
/usr/kerberos/man/man8/login.krb5.8.gz
/usr/kerberos/man/man8/telnetd.8.gz
/usr/kerberos/sbin
/usr/kerberos/sbin/ftpd
/usr/kerberos/sbin/gss-server
/usr/kerberos/sbin/k5srvutil
/usr/kerberos/sbin/kadmin
/usr/kerberos/sbin/klogind
/usr/kerberos/sbin/krb5-send-pr
/usr/kerberos/sbin/krb524d
/usr/kerberos/sbin/kshd
/usr/kerberos/sbin/ktutil
/usr/kerberos/sbin/login.krb5
/usr/kerberos/sbin/sim_server
/usr/kerberos/sbin/telnetd
/usr/kerberos/sbin/uuserver
/usr/share/doc/krb5-workstation-1.6.1
/usr/share/doc/krb5-workstation-1.6.1/convert-config-files
/usr/share/doc/krb5-workstation-1.6.1/kdestroy.html
/usr/share/doc/krb5-workstation-1.6.1/kinit.html
/usr/share/doc/krb5-workstation-1.6.1/klist.html
/usr/share/doc/krb5-workstation-1.6.1/kpasswd.html
/usr/share/doc/krb5-workstation-1.6.1/ksu.html
/usr/share/doc/krb5-workstation-1.6.1/services.append
/usr/share/doc/krb5-workstation-1.6.1/user-guide.ps.gz
/usr/share/info/krb5-user.info.gz

What else can be done to disable these command?

pinga123

View Public Profile for pinga123

Find all posts by pinga123

06-15-2011

Registered User

3,149, 702

Join Date: Apr 2010

Last Activity: 10 July 2019, 11:33 PM EDT

Posts: 3,149

Thanks Given: 46

Thanked 702 Times in 677 Posts

you need to edit your /etc/services file. comment out the lines for the services that you don't want to run. a few that should be commented out:
rlogin
telnet (if you enabled ssh)
finger
ftp (unless you are running it..)
whod (whois server)
identd (unless you are using IRC, and need it..)
NIS/NFS (Unless you need them...)
RPC (You don't need it, trust me..)
Then reboot your box, and try port-scanning again.

SSH installed. How to disable rlogin? : disable, rlogin, debian

This User Gave Thanks to itkamaraj For This Post:

itkamaraj

View Public Profile for itkamaraj

Find all posts by itkamaraj

06-15-2011

Registered User

388, 3

Join Date: Sep 2009

Last Activity: 27 January 2014, 2:06 AM EST

Posts: 388

Thanks Given: 86

Thanked 3 Times in 3 Posts

One more twist that i found.
As it shows rcp ,rlogin ,rsh are also part of below rpm.

Confused what to do?

Code:

# rpm -ql rsh-0.17-38.el5
/usr/bin/rcp
/usr/bin/rexec
/usr/bin/rlogin
/usr/bin/rsh
/usr/share/man/man1/rcp.1.gz
/usr/share/man/man1/rexec.1.gz
/usr/share/man/man1/rlogin.1.gz
/usr/share/man/man1/rsh.1.gz

---------- Post updated at 01:27 AM ---------- Previous update was at 01:23 AM ----------

Quote:

Originally Posted by itkamaraj

is removing the rpm not an option?

pinga123

View Public Profile for pinga123

Find all posts by pinga123

UNIX for Dummies Questions & Answers

Help required in disabling commands.

10 More Discussions You Might Find Interesting

1. Hardware

How disabling GPU?

Discussion started by: _Fabio_79

2. Shell Programming and Scripting

Help required in UNIX commands

Discussion started by: arun888

3. Solaris

Required list of all basic commands for a beginners

Discussion started by: omsingh2k5

4. Shell Programming and Scripting

Getting required fields from a test file in required fromat in unix

Discussion started by: rdhanek

5. Solaris

Libraries required by commands

Discussion started by: Tirmazi

6. Solaris

disabling watchdog

Discussion started by: guilik

7. Shell Programming and Scripting

Help required to parse Oracle imp show=y output to DDL Commands

Discussion started by: rajan_san

8. UNIX for Dummies Questions & Answers

Help required for these commands

Discussion started by: ayanbiswas

9. Solaris

Disabling telnet

Discussion started by: frustrated1

10. UNIX for Dummies Questions & Answers

Ports Disabling

Discussion started by: rrivas