
Re: ?-able packages for a firewall.



Hello,

> I was told that /usr/bin/script was dangerous to leave on a firewall and
> so planned to delete it by hand it the bsdutils were installed.

No program running without special privileges is especially dangerous on a
firewall. You have to watch:

a) running privileged programs (with interaction to the world)
inetd, smtpd, apache...

b) programs which get called often from privileged programs
login, perl, ...

b2) programs which get called often from unprivileged programs
(I don't think you can call any process on a firewall unprivileged, even user
nobody can list the process table for example. Since Linux is no A- or B-Level
OS, you can ignore those kinds of tools.)

c) programs which are suid
c1) and needed: bad thing, avoid
c2) and not needed for operation: remove

d) programs which are not needed for operation
These are no security risks in themselves. Removing them will only give you:
  d1) smaller system
  d2) harder for hackers to work on a hacked host

Script is not suid and never used, therefore it is a class d) program.
(there might be systems where script is sgid tty or something like that, but
I can't remember any).

> also had a concern about /usr/bin/logger but thought removing this might
> break sysklogd.....should it be left alone?

No, it will not break syslogd, but it will break a few shell scripts which
log their actions. It's a class b) program I think. Or d) if you remove the
scripts.

Greetings
Bernd

PS: anybody want to make a nice text for my web page out of this list?

-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy
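The classification above can be applied mechanically for class c), since whether the setuid or setgid bit is set is a property of the file, and the "is it referenced from scripts" question for class b) programs like logger is a grep away. The following POSIX sh helper is an added example written for this archive page; it is not code from Bernd's mail or from any Debian package. It builds a constructed directory tree (the file names, modes and the cron script in it are made up for the demo), lists the setuid/setgid files in it, classifies a few binaries as c1, c2 or d given the admin's "needed for operation" answer, and shows which scripts call logger before anyone deletes it.

```shell
#!/bin/sh
# Added example, not part of the original mail: apply the a)-d) list from
# the mail to files on disk.  Class c) is mechanical (setuid/setgid bit);
# "needed for operation" is a judgement supplied as the second argument.

# List every setuid or setgid regular file under DIR (class c) candidates),
# staying on one filesystem.
audit_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Count lines of stdin without depending on wc's output padding.
count_lines() {
    n=0
    while IFS= read -r _line; do n=$((n + 1)); done
    echo "$n"
}

# classify FILE NEEDED -> c1 (privileged and needed), c2 (privileged, not
# needed: remove), or d (not privileged; removing it only shrinks the system).
classify() {
    if [ -u "$1" ] || [ -g "$1" ]; then
        if [ "$2" = yes ]; then echo c1; else echo c2; fi
    else
        echo d
    fi
}

# callers NAME DIR -> scripts under DIR that invoke NAME as a word.  This is
# the check to run before deleting something like logger, which breaks the
# scripts that log through it rather than syslogd itself.
callers() {
    grep -rlw -- "$1" "$2" 2>/dev/null
}

# Build a constructed demo tree (paths and modes are invented for the
# example, nothing here is read from the real system) and print its path.
build_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/etc/cron.daily"
    for f in script logger su wall; do
        printf '#!/bin/sh\n' > "$d/usr/bin/$f"
    done
    chmod 755  "$d/usr/bin/script" "$d/usr/bin/logger"
    chmod 4755 "$d/usr/bin/su"      # setuid, like a real su
    chmod 2755 "$d/usr/bin/wall"    # setgid, like an sgid tty wall
    printf '#!/bin/sh\nlogger -t backup "nightly backup done"\n' \
        > "$d/etc/cron.daily/backup"
    echo "$d"
}

demo() {
    d=$(build_demo)
    echo "setuid/setgid files under $d:"
    audit_suid "$d"
    echo "script: class $(classify "$d/usr/bin/script" no)"
    echo "su:     class $(classify "$d/usr/bin/su" yes)"
    echo "wall:   class $(classify "$d/usr/bin/wall" no)"
    echo "scripts that call logger:"
    callers logger "$d/etc"
    rm -rf "$d"
}

demo
```

Run it as is to see the demo tree; on a real host, point audit_suid at / and callers at /etc (and wherever local scripts live) instead of the constructed tree. A setuid file that turns up and has no "needed" justification is the c2) case the mail says to remove; a plain file that no script references is d).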



