
RE: [cobalt-security] Hardening RaQ3 OS by Removing Unused RPM's



You would probably destroy the usability of the box for any application
development or compiling any new applications for the box.  From what I can
see, most of these are libraries and user applications, they are not network
daemons etc.  Yes, maybe in some cases a cracker could find an exploit in one
of these to elevate their access to root but if they have gotten in that far
you should be very worried because there are countless other avenues for
them to explore.  Basically lock the front door, shut down what you don't
need to run and make sure that all your daemons are up-to-date.  Some sort
of tampering alarm based on tripwire or MD5 hashes and log scanning etc
would be better.  In my opinion the suggested approach is like taking the
engine out of your car to make sure it doesn't get stolen . . .

Eric

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Randall
> Sent: Saturday, April 07, 2001 2:15 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] Hardening RaQ3 OS by Removing Unused RPM's
>
>
> Hi Group,
>
> Can anyone shed light on the RPM's below and if
> they're actually needed on the RaQ3 system to run
> properly? We recently hired a security firm to harden
> our systems/networks -we installed a RedHat 7 firebox
> with IPTables in front of the RaQ's. But they're also
> suggesting that the RPM's below be removed because
> they're really not needed as they only add to possible
> security threats. We realize postgresql-6.5.2-C2 needs
> to stay for the backend database, but what about the
> others in this list? Does anyone see anything that
> *should* stay that's listed below?
>
> Thanks for any info/insight!
>
> glibc-devel-2.1.3-21
> bind-devel-8.2.3-C1
> panel-utils-4.2-9
> dhcp-2.0b1pl6-6C1
> binutils-2.9.1.0.23-1
> bison-1.27-3
> rpm-devel-3.0.5-9.6x
> cpio-2.4.2-12
> cpp-1.1.2-12
> dhcpcd-1.3.17pl2-1
> egcs-1.1.2-12
> egcs-c++-1.1.2-12
> egcs-g77-1.1.2-12
> egcs-objc-1.1.2-12
> emacs-20.3-15
> emacs-nox-20.3-15
> finger-0.10-24
> flex-2.5.4a-6
> m4-1.4-12
> mgetty-1.1.14-8
> minicom-1.82-5
> ncftp-3.0beta18-3
> ncurses-devel-5.0-12C1r3
> netatalk-1.4b2+asun2.1.1-C6
> postgresql-6.5.2-C2
> postgresql-perl-6.5.2-C2
> postgresql-python-6.5.2-C2
> postgresql-jdbc-6.5.2-C2
> postgresql-server-6.5.2-C2
> postgresql-odbc-6.5.2-C2
> postgresql-tcl-6.5.2-C2
> ppp-2.3.7-2
> python-docs-1.5.1-10
> rsh-0.10-25
> samba-2.0.5a-1
> samba-client-2.0.5a-1
> telnet-0.10-29
> compat-binutils-5.2-2.9.1.0.23.1
> compat-egcs-5.2-1.0.3a.1
> compat-egcs-c++-5.2-1.0.3a.1
> compat-egcs-g77-5.2-1.0.3a.1
> compat-egcs-objc-5.2-1.0.3a.1
> compat-glibc-5.2-2.0.7.1
> compat-libs-5.2-1
> XFree86-libs-3.3.3.1-49
> portmap-4.0-15C1
> gdbm-devel-1.7.3-19
> glib-devel-1.2.1-2
> gmp-devel-2.0.2-8
> zlib-devel-1.1.3-5
> libtermcap-devel-2.0.8-13
> libxml-devel-1.0.0-2
> perl-Devel-Symdump-2.00-2
> postgresql-devel-6.5.2-C2
> python-devel-1.5.1-10
> readline-devel-2.2.1-5
> slang-devel-1.2.2-4
> nfs-utils-0.1.9.1-1
> kernel-source-2.2.14C5-1
> pine-4.33-C1
> openssl-devel-0.9.5a-3
> imap-devel-4.7c2-C3
> gd-devel-1.3-5
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
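
An added example, not part of either message: one form of the tamper alarm suggested in the reply, built on the MD5 digests RPM already records for packaged files. It parses `rpm -Va` output; the sample lines, paths and severity rules are assumptions made for illustration.

```python
import re

# Line shapes printed by `rpm -Va`: "<flags> [attr] <path>" or "missing [attr] <path>".
# Flags are positional: S size, M mode, 5 MD5 digest, D device, L symlink,
# U user, G group, T mtime (newer rpm appends a ninth column).
LINE_RE = re.compile(r"^(?P<flags>[A-Za-z0-9.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
MISSING_RE = re.compile(r"^missing\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
# (column index, flag letter, label) for the changes worth an alarm.
CHECKS = ((2, "5", "content"), (1, "M", "mode"), (5, "U", "owner"), (6, "G", "group"))

# Constructed sample output, not taken from a real RaQ3.
SAMPLE = """\
S.5....T c /etc/inetd.conf
S.5....T   /bin/login
.M......   /usr/bin/rsh
.......T   /usr/lib/libz.a
missing    /usr/bin/finger
"""

def classify(line):
    """Return (severity, path, reason) for one line, or None if it is not rpm -V output."""
    m = MISSING_RE.match(line)
    if m:
        # Missing config or doc files are routine; a missing binary is not.
        sev = "review" if m.group("attr") in ("c", "d") else "alert"
        return sev, m.group("path"), "missing"
    m = LINE_RE.match(line)
    if not m:
        return None
    flags = m.group("flags")
    reasons = [label for idx, letter, label in CHECKS if flags[idx] == letter]
    if not reasons:
        return "info", m.group("path"), "other attributes only"
    # Edited config files are expected on a live server: review, don't page.
    sev = "review" if m.group("attr") == "c" else "alert"
    return sev, m.group("path"), "+".join(reasons)

def scan(text):
    """Classify every recognisable line of rpm -Va output."""
    return [r for r in map(classify, text.splitlines()) if r]

def alerts(text):
    """Paths whose packaged content, mode or ownership no longer matches the RPM database."""
    return [path for sev, path, _ in scan(text) if sev == "alert"]

if __name__ == "__main__":
    for sev, path, reason in scan(SAMPLE):
        print(f"{sev:6} {path}  ({reason})")
```

The RPM database sits on the same disk as the files it vouches for, so treat this as a first-pass alarm; a Tripwire-style baseline stored off the box is harder for an intruder to rewrite.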